No windows update & Regedit lock
This is my first post - please forgive me if I fail to include the appropriate information. I will attempt to be as thorough as possible.
Problem: Windows update gives error: 0x800704dd
Problem: Task Manager and Regedit are locked
I have run Spybot in safe mode as per the instructions. Operating system is XP Home SP2. Many viruses and spyware. Cleaned with CA prior to Spybot. During CA cleaning I had to restore to a restore point due to a bluescreen.
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:28 AM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\imupdate.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\update\update.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Documents and Settings\Powery\Desktop\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CU1] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kwro] C:\Program Files\Common Files\kwro\kwrom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CU1] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: win32.exe - Unknown owner - C:\WINDOWS\win32.exe (file missing)
--
End of file - 9811 bytes
Hi jezzzzy
Rename HijackThis.exe to jezzzzy.exe and post back a fresh HijackThis log, please :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:54 AM, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Powery\Desktop\jezzzzy.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\imupdate.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CU1] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kwro] C:\Program Files\Common Files\kwro\kwrom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CU1] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: win32.exe - Unknown owner - C:\WINDOWS\win32.exe (file missing)
--
End of file - 9653 bytes
Unfortunately it didn't go right.
Rename HijackThis.exe to jezzzzy.exe by doing the following:
Navigate here using Windows Explorer (Windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
Right-click on HijackThis.exe
Choose "Rename" from the pull-down menu
Now rename HijackThis.exe to jezzzzy.exe
When you've renamed HijackThis, open HijackThis again.
Take a fresh HijackThis log (click Do a system scan and save a log file)
Post the fresh HijackThis log here.
My version of HijackThis seems to be contained in a file on my desktop, not in my "Program Files" folder. It is represented in the log in the line that reads as follows:
C:\Documents and Settings\Powery\Desktop\jezzzzy.exe
Yes, my bad.
We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
Combofix done. Report here:
ComboFix 08-09-28.01 - Powery 2008-09-29 17:29:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -4:00]
Running from: C:\Documents and Settings\Powery\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\WINDOWS\gimmygames.dat
C:\WINDOWS\system32\imas3r
C:\WINDOWS\winsysupd111.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.
2008-09-28 02:09 . 2008-09-28 02:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 23:50 . 2008-09-27 23:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-27 23:50 . 2008-09-27 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 23:44 . 2008-09-28 02:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-27 23:41 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 23:39 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 23:38 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 23:38 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-27 23:26 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-27 23:26 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-27 23:25 . 2008-09-27 23:25 <DIR> d---s---- C:\Documents and Settings\Powery\UserData
2008-09-27 22:35 . 2008-09-27 23:12 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-09-27 18:30 . 2008-09-29 17:40 53,488 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-09-27 18:30 . 2008-09-29 17:40 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-09-27 16:31 . 2008-09-27 16:32 <DIR> d-------- C:\Program Files\CA
2008-09-27 16:31 . 2008-09-27 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-09-27 16:31 . 2008-09-27 23:12 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-09-27 16:31 . 2008-09-27 23:12 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-09-27 16:31 . 2008-06-02 13:05 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-09-27 16:31 . 2008-09-27 23:12 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-09-27 16:31 . 2008-06-02 13:06 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-09-27 16:31 . 2008-09-27 23:12 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Lavasoft
2008-09-01 14:44 . 2003-11-20 20:28 <DIR> d-------- C:\Documents and Settings\Powery\WINDOWS
2008-09-01 14:44 . 2003-11-20 21:32 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\toshiba
2008-09-01 14:44 . 2008-09-01 14:46 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Symantec
2008-09-01 14:44 . 2003-11-21 14:25 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterVideo
2008-09-01 14:44 . 2003-11-20 20:59 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterTrust
2008-09-01 14:44 . 2003-11-20 21:52 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Drag'n Drop CD+DVD
2008-09-01 14:44 . 2008-09-29 17:49 <DIR> d-------- C:\Documents and Settings\Powery
2008-09-01 14:40 . 2008-09-01 14:40 32,768 --a------ C:\WINDOWS\~DF85FF.tmp
2008-09-01 14:37 . 2008-09-01 14:37 32,768 --a------ C:\WINDOWS\~DFB011.tmp
2008-09-01 12:25 . 2008-09-01 12:25 32,768 --a------ C:\WINDOWS\~DFD577.tmp
2008-08-30 12:22 . 2008-08-30 12:22 32,768 --a------ C:\WINDOWS\~DF1245.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 21:48 --------- d-----w C:\Program Files\Imjtbuk
2008-09-27 21:48 --------- d-----w C:\Program Files\Hqgd
2008-09-27 19:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 19:15 --------- d-----w C:\Program Files\Norton SystemWorks
2008-09-27 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-01 18:44 --------- d-----w C:\Program Files\Web Publish
2008-09-01 18:41 8,224 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-13 03:01 32,768 ----a-w C:\WINDOWS\~DFE65E.tmp
2008-07-13 03:01 16,384 ----a-w C:\WINDOWS\~DFD595.tmp
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-03-28 14:19 110,592 --sha-w C:\WINDOWS\system32\imupdate.exe
2005-08-02 21:46 187,904 --sha-r C:\WINDOWS\TXkgUGM\asappsrv.dll
2005-08-02 21:58 293,888 --sha-r C:\WINDOWS\TXkgUGM\command.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TXkgUGM\nr40o3g.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"TFncKy"="C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" [2003-08-18 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-22 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-28 155648]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 1019904]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-27 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-27 234736]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-09-27 14088]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-27 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-27 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-27 259312]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"MSN IM Update"="imupdate.exe" [2006-03-28 C:\WINDOWS\system32\imupdate.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=C:\WINDOWS\pss\20-20 Shortcut Bar.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Boingo.lnk]
backup=C:\WINDOWS\pss\Boingo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^oxjz.exe]
backup=C:\WINDOWS\pss\oxjz.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Photo Explosion Calendar Checker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Delivery Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B Notebook Adapter Utility.lnk]
backup=C:\WINDOWS\pss\Wireless-B Notebook Adapter Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-16 00:01 258048 C:\WINDOWS\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-07-17 21:38 159744 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2003-11-05 09:38 1380352 C:\PROGRA~1\B'SCLI~1\Win2K\BsCLiP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 22:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 14:29 40960 C:\WINDOWS\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 20:16 172032 C:\Program Files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 13:39 159744 c:\TOSHIBA\Ivp\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a------ 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2004-07-25 15:45 1277952 C:\Program Files\Support.com\BellSouth\hcenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-24 00:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 15:20 88363 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN IM Update]
--ahs---- 2006-03-28 10:19 110592 C:\WINDOWS\system32\imupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 20:03 73728 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2003-11-20 01:15 278528 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"win32.exe"=2 (0x2)
"Swupdtmr"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpeedTouch USB Diagnostics - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
HKLM-Run-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
HKU-Default-Run-kwro - C:\Program Files\Common Files\kwro\kwrom.exe
HKU-Default-Run-CU1 - (no file)
HKU-Default-Run-CU2 - (no file)
MSConfigStartUp-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-Pure Networks Port Magic - C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-QBCD Autorun - D:\autorun.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,Local Page =
R0 -: HKLM-Main,Local Page =
R0 -: HKLM-Main,Start Page =
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp:///
O17 -: HKLM\CCS\Interface\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 17:51:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
.
**************************************************************************
.
Completion time: 2008-09-29 18:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-29 22:04:18
Pre-Run: 7,986,098,176 bytes free
Post-Run: 7,893,360,640 bytes free
288 --- E O F --- 2008-09-29 03:46:38
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:00 PM, on 9/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\imupdate.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Powery\Desktop\jezzzzy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: win32.exe - Unknown owner - C:\WINDOWS\win32.exe (file missing)
--
End of file - 9517 bytes
Open notepad and copy/paste the text in the codebox below into it:
DirLook::
C:\Program Files\Imjtbuk
C:\Program Files\Hqgd
Folder::
C:\WINDOWS\TXkgUGM
Driver::
win32.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
R0 -: HKCU-Main,Local Page =
R0 -: HKLM-Main,Local Page =
R0 -: HKLM-Main,Start Page =
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"win32.exe"=-
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then Combofix should continue.
If that happened we want to know, and also what process you had to end.
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:48 PM, on 9/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\imupdate.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Powery\Desktop\jezzzzy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9393 bytes
Combofix Log:
ComboFix 08-09-28.01 - Powery 2008-09-30 14:15:36.2 - NTFSx86
Running from: C:\Documents and Settings\Powery\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Powery\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\TXkgUGM
C:\WINDOWS\TXkgUGM\asappsrv.dll
C:\WINDOWS\TXkgUGM\command.exe
C:\WINDOWS\TXkgUGM\nr40o3g.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WIN32.EXE
-------\Service_win32.exe
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-28 02:09 . 2008-09-28 02:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 23:50 . 2008-09-27 23:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-27 23:50 . 2008-09-27 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 23:44 . 2008-09-28 02:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-27 23:41 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 23:39 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 23:38 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 23:38 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-27 23:26 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-27 23:26 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-27 23:25 . 2008-09-27 23:25 <DIR> d---s---- C:\Documents and Settings\Powery\UserData
2008-09-27 22:35 . 2008-09-27 23:12 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-09-27 18:30 . 2008-09-30 14:25 53,488 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-09-27 18:30 . 2008-09-30 14:25 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-09-27 16:31 . 2008-09-27 16:32 <DIR> d-------- C:\Program Files\CA
2008-09-27 16:31 . 2008-09-27 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-09-27 16:31 . 2008-09-27 23:12 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-09-27 16:31 . 2008-09-27 23:12 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-09-27 16:31 . 2008-06-02 13:05 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-09-27 16:31 . 2008-09-27 23:12 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-09-27 16:31 . 2008-06-02 13:06 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-09-27 16:31 . 2008-09-27 23:12 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Lavasoft
2008-09-01 14:44 . 2003-11-20 20:28 <DIR> d-------- C:\Documents and Settings\Powery\WINDOWS
2008-09-01 14:44 . 2003-11-20 21:32 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\toshiba
2008-09-01 14:44 . 2008-09-01 14:46 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Symantec
2008-09-01 14:44 . 2003-11-21 14:25 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterVideo
2008-09-01 14:44 . 2003-11-20 20:59 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterTrust
2008-09-01 14:44 . 2003-11-20 21:52 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Drag'n Drop CD+DVD
2008-09-01 14:44 . 2008-09-30 14:34 <DIR> d-------- C:\Documents and Settings\Powery
2008-09-01 14:40 . 2008-09-01 14:40 32,768 --a------ C:\WINDOWS\~DF85FF.tmp
2008-09-01 14:37 . 2008-09-01 14:37 32,768 --a------ C:\WINDOWS\~DFB011.tmp
2008-09-01 12:25 . 2008-09-01 12:25 32,768 --a------ C:\WINDOWS\~DFD577.tmp
2008-08-30 12:22 . 2008-08-30 12:22 32,768 --a------ C:\WINDOWS\~DF1245.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 21:48 --------- d-----w C:\Program Files\Imjtbuk
2008-09-27 21:48 --------- d-----w C:\Program Files\Hqgd
2008-09-27 19:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 19:15 --------- d-----w C:\Program Files\Norton SystemWorks
2008-09-27 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-01 18:44 --------- d-----w C:\Program Files\Web Publish
2008-09-01 18:41 8,224 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-13 03:01 32,768 ----a-w C:\WINDOWS\~DFE65E.tmp
2008-07-13 03:01 16,384 ----a-w C:\WINDOWS\~DFD595.tmp
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 22:05 32,768 ----a-w C:\WINDOWS\~DFDF46.tmp
2008-06-06 22:05 16,384 ----a-w C:\WINDOWS\~DFCD6B.tmp
2006-03-28 14:19 110,592 --sha-w C:\WINDOWS\system32\imupdate.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\Hqgd ----
---- Directory of C:\Program Files\Imjtbuk ----
((((((((((((((((((((((((((((( snapshot@2008-09-29_17.58.48.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 17:22:53 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-29 21:51:12 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-28 17:22:53 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-29 21:51:13 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"TFncKy"="C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" [2003-08-18 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-22 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-28 155648]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 1019904]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-27 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-27 234736]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-09-27 14088]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-27 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-27 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-27 259312]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"MSN IM Update"="imupdate.exe" [2006-03-28 C:\WINDOWS\system32\imupdate.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=C:\WINDOWS\pss\20-20 Shortcut Bar.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Boingo.lnk]
backup=C:\WINDOWS\pss\Boingo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^oxjz.exe]
backup=C:\WINDOWS\pss\oxjz.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Photo Explosion Calendar Checker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Delivery Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B Notebook Adapter Utility.lnk]
backup=C:\WINDOWS\pss\Wireless-B Notebook Adapter Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-16 00:01 258048 C:\WINDOWS\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-07-17 21:38 159744 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2003-11-05 09:38 1380352 C:\PROGRA~1\B'SCLI~1\Win2K\BsCLiP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 22:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 14:29 40960 C:\WINDOWS\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 20:16 172032 C:\Program Files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 13:39 159744 c:\TOSHIBA\Ivp\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a------ 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2004-07-25 15:45 1277952 C:\Program Files\Support.com\BellSouth\hcenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-24 00:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 15:20 88363 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN IM Update]
--ahs---- 2006-03-28 10:19 110592 C:\WINDOWS\system32\imupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 20:03 73728 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2003-11-20 01:15 278528 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 14:34:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
.
**************************************************************************
.
Completion time: 2008-09-30 14:55:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 18:51:25
ComboFix2.txt 2008-09-29 22:07:49
Pre-Run: 8,333,434,880 bytes free
Post-Run: 8,312,946,688 bytes free
268 --- E O F --- 2008-09-29 03:46:38
Delete these folders:
C:\Program Files\Imjtbuk
C:\Program Files\Hqgd
Empty Recycle Bin.
Go to start - run
Type this and click ok:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
After that, type this and click ok:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Let me know if task manager and regedit work now.
Folders deleted. Ran the reg commands.
Registry and Task Manager still disabled.
Then some infection might put them immediately back after deletion.
* Download GMER from here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.
Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
The log from GMER is too large to put into a message. I tried to upload the text file, but that exceeded the specs for txt file upload. I will just separate the log into 2 posts.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-01 09:41:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xF0B0C6EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xF10E4FD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xF0B0D40B]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xF0B0D75C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xF0B0C64E]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xF0B0D130]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xF10E4662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xF0B0D538]
---- Kernel IAT/EAT - GMER 1.0.14 ----
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00990560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00990740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00990560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00990560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[792] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02190910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02190910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [02190560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02190910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [02190740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [02190910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [02190560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [02190910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0218FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [0218FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [021901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0218FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [0218FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1012] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0218F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1148] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1256] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1284] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [01090560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [01090560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [01090560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01090740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0108F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0108FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0108FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [010901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0108FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0108FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01090910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1988] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000084 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
---- EOF - GMER 1.0.14 ----
Please download FixPolicies.exe (http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe) by Bill Castner and save it to your desktop.
Double click on FixPolicies.exe to run it.
Click on Install. It will create a folder named FixPolicies on your desktop.
Open the FixPolicies folder.
Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.
Let me know if there is any change in Task Manager and/or Registry Editor.
No change. Still disabled.
Open HijackThis, click "Do a system scan only" and checkmark this:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Close all windows, including the browser, and press "Fix checked".
Reboot.
Post back a fresh HijackThis log and tell me if regedit works now.
No change. I also ran HijackThis as you instructed, checked the O7 box and clicked "fix selected". After the fix, I did a quick scan again and the item was still in the list. Not sure if that helps.
Are you doing everything from an admin account?
Please re-run ComboFix and post its log here along with a fresh HijackThis log.
This is XP Home. No admin account, per se. But the user does have "admin" rights.
OK, that is fine.
Continue with the ComboFix run, please :)
Ok. Running now. Not sure if it matters, but ComboFix started and then didn't open the "blue" window. I had to run it again to get it to start. I don't have task manager, so it's hard to tell what happened. It's running now.
Combofix Log:
ComboFix 08-09-28.01 - Powery 2008-10-01 11:02:51.3 - NTFSx86
Running from: C:\Documents and Settings\Powery\Desktop\Fix\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-10-01 09:14 . 2008-10-01 09:14 250 --a------ C:\WINDOWS\gmer.ini
2008-09-28 02:09 . 2008-09-28 02:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 23:50 . 2008-09-27 23:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-27 23:50 . 2008-09-27 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 23:44 . 2008-09-28 02:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-27 23:41 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 23:39 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 23:38 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 23:38 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-27 23:26 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-27 23:26 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-27 23:25 . 2008-09-27 23:25 <DIR> d---s---- C:\Documents and Settings\Powery\UserData
2008-09-27 22:35 . 2008-09-27 23:12 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-09-27 18:30 . 2008-10-01 10:36 53,488 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-09-27 16:31 . 2008-09-27 16:32 <DIR> d-------- C:\Program Files\CA
2008-09-27 16:31 . 2008-09-27 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-09-27 16:31 . 2008-09-27 23:12 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-09-27 16:31 . 2008-09-27 23:12 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-09-27 16:31 . 2008-06-02 13:05 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-09-27 16:31 . 2008-09-27 23:12 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-09-27 16:31 . 2008-06-02 13:06 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-09-27 16:31 . 2008-09-27 23:12 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Lavasoft
2008-09-01 14:44 . 2003-11-20 20:28 <DIR> d-------- C:\Documents and Settings\Powery\WINDOWS
2008-09-01 14:44 . 2003-11-20 21:32 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\toshiba
2008-09-01 14:44 . 2008-09-01 14:46 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Symantec
2008-09-01 14:44 . 2003-11-21 14:25 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterVideo
2008-09-01 14:44 . 2003-11-20 20:59 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterTrust
2008-09-01 14:44 . 2003-11-20 21:52 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Drag'n Drop CD+DVD
2008-09-01 14:44 . 2008-10-01 10:41 <DIR> d-------- C:\Documents and Settings\Powery
2008-09-01 14:40 . 2008-09-01 14:40 32,768 --a------ C:\WINDOWS\~DF85FF.tmp
2008-09-01 14:37 . 2008-09-01 14:37 32,768 --a------ C:\WINDOWS\~DFB011.tmp
2008-09-01 12:25 . 2008-09-01 12:25 32,768 --a------ C:\WINDOWS\~DFD577.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 19:15 --------- d-----w C:\Program Files\Norton SystemWorks
2008-09-27 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-01 18:44 --------- d-----w C:\Program Files\Web Publish
2008-09-01 18:41 8,224 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-08-30 16:22 32,768 ----a-w C:\WINDOWS\~DF1245.tmp
2008-07-13 03:01 32,768 ----a-w C:\WINDOWS\~DFE65E.tmp
2008-07-13 03:01 16,384 ----a-w C:\WINDOWS\~DFD595.tmp
2006-03-28 14:19 110,592 --sha-w C:\WINDOWS\system32\imupdate.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-29_17.58.48.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-01 13:14:43 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-18 01:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-10-01 13:14:43 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-09-28 17:22:53 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-29 21:51:12 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-28 17:22:53 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-29 21:51:13 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"TFncKy"="C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" [2003-08-18 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-22 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-28 155648]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 1019904]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-27 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-27 234736]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-09-27 14088]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-27 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-27 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-27 259312]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"MSN IM Update"="imupdate.exe" [2006-03-28 C:\WINDOWS\system32\imupdate.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=C:\WINDOWS\pss\20-20 Shortcut Bar.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Boingo.lnk]
backup=C:\WINDOWS\pss\Boingo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^oxjz.exe]
backup=C:\WINDOWS\pss\oxjz.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Photo Explosion Calendar Checker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Delivery Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B Notebook Adapter Utility.lnk]
backup=C:\WINDOWS\pss\Wireless-B Notebook Adapter Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-16 00:01 258048 C:\WINDOWS\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-07-17 21:38 159744 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2003-11-05 09:38 1380352 C:\PROGRA~1\B'SCLI~1\Win2K\BsCLiP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 22:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 14:29 40960 C:\WINDOWS\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 20:16 172032 C:\Program Files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 13:39 159744 c:\TOSHIBA\Ivp\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a------ 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\Regshave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2004-07-25 15:45 1277952 C:\Program Files\Support.com\BellSouth\hcenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-24 00:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 15:20 88363 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN IM Update]
--ahs---- 2006-03-28 10:19 110592 C:\WINDOWS\system32\imupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 20:03 73728 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2003-11-20 01:15 278528 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 9344]
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-03-19 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-03-19 115216]
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-11-04 390400]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-03-21 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-04-15 281104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-05-30 88816]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys [2003-10-01 184832]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-27 185584]
S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-03-20 19140]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\BWNDIS5.SYS [2003-01-11 15744]
S3 USA19H;USA19H;C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 44928]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp:///
O17 -: HKLM\CCS\Interface\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:12:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-01 11:18:06
ComboFix-quarantined-files.txt 2008-10-01 15:17:54
ComboFix2.txt 2008-09-30 18:55:51
ComboFix3.txt 2008-09-29 22:07:49
Pre-Run: 8,310,751,232 bytes free
Post-Run: 8,297,508,864 bytes free
251 --- E O F --- 2008-09-29 03:46:38
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:23 AM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Powery\Desktop\Fix\jezzzzy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9127 bytes
Regedit and Task Manager are fixed.
Great :)
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
Ok. After a restart, my task manager is gone again. Should I continue with Kaspersky or do something different?
Is regedit gone too?
Yes, we will continue with this:
Delete this file:
C:\WINDOWS\system32\imupdate.exe
Empty Recycle Bin.
A bootlog is a file where Windows writes down which drivers are loaded and which are not during startup.
Using Windows Explorer, see if you can find c:\windows\ntbtlog.txt. If it exists, delete the file.
Click Start then Run and type in msconfig in the edit box and hit Enter or click OK.
Click on the boot.ini tab and check the box that says /BOOTLOG
Click Apply & OK and reboot the PC (may take a bit longer to boot)
After it reboots, you will get a message that msconfig has been used to change your start settings.
In msconfig, Check Normal Startup on the GENERAL tab, and on the BOOT.INI tab, Uncheck /BOOTLOG. Click Apply, OK.
When a message asks if you want to Reboot now, Click Exit Without Reboot. You don't need to.
Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.
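A parser for the ntbtlog.txt format produced by the steps above, as an added example that is not part of the original thread: it groups the "Loaded driver" / "Did not load driver" lines per driver and lists drivers referenced from outside system32. The sample log is constructed (the `\Example\sample.sys` line is a made-up placeholder), the function names are hypothetical, and the system root is assumed to be C:\WINDOWS.

```python
import re

# Constructed sample in ntbtlog.txt line format; not a real capture.
SAMPLE = r"""
Service Pack 2 10 1 2008 13:27:37.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Loaded driver \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \??\C:\Example\sample.sys
"""

LINE_RE = re.compile(r"^(Loaded|Did not load) driver\s+(\S.*)$")
STANDARD_DIRS = ("", "system32", "system32\\drivers")  # "" = bare file name


def canonical_dir(path, system_root=r"c:\windows"):
    """Directory of a driver path, with the different spellings of the
    system root (\\SystemRoot, \\??\\C:\\WINDOWS, \\WINDOWS) stripped."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    for prefix in ("\\systemroot", system_root, system_root[2:]):
        if p.startswith(prefix + "\\"):
            p = p[len(prefix) + 1:]
            break
    return p.rsplit("\\", 1)[0] if "\\" in p else ""


def parse_bootlog(text):
    """Return {driver file name: {"loaded": n, "not_loaded": n, "dirs": set}}."""
    drivers = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header (service pack, timestamp) or blank line
        state, path = m.groups()
        name = path.strip().rsplit("\\", 1)[-1].lower()
        rec = drivers.setdefault(
            name, {"loaded": 0, "not_loaded": 0, "dirs": set()})
        rec["loaded" if state == "Loaded" else "not_loaded"] += 1
        rec["dirs"].add(canonical_dir(path))
    return drivers


def summarise(drivers):
    """Split drivers by load state and list those outside system32."""
    items = drivers.items()
    return {
        "loaded_only": sorted(n for n, r in items
                              if r["loaded"] and not r["not_loaded"]),
        "never_loaded": sorted(n for n, r in items
                               if r["not_loaded"] and not r["loaded"]),
        "both_states": sorted(n for n, r in items
                              if r["loaded"] and r["not_loaded"]),
        # Review item only: the directory alone says nothing about the file.
        "outside_system32": sorted(
            n for n, r in items
            if any(d not in STANDARD_DIRS for d in r["dirs"])),
    }


if __name__ == "__main__":
    for section, names in summarise(parse_bootlog(SAMPLE)).items():
        print(section, names)
```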
Regedit gone too.
"Access Denied" when trying to delete imupdate.exe. It's in the startup registry key. I can try to remove that with msconfig, restart and try to delete again. Should I do that?
Fix this entry:
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
Reboot.
Delete this:
C:\WINDOWS\system32\imupdate.exe
Reboot.
Check if regedit and task manager are still disabled.
If they are, do that bootlog part, please.
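A way to verify the fix step above from a later HijackThis log, as an added example that is not part of the original thread: it parses the O4 registry Run lines of two logs and reports entries that were marked for fixing but are still present, plus entries added or removed in between. The two log excerpts are constructed in the format of the logs posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed excerpts in HijackThis log format; not full logs.
BEFORE = r"""
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# The line the helper asked to have fixed.
FIXED = [r"O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe"]

# Registry Run-style O4 line: location, [value name], command.
# "Global Startup" shortcut lines have no [name] and are skipped.
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse_o4(log_text):
    """Return {(location, value name): command}, keys lower-cased."""
    entries = {}
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            key = (m["loc"].lower(), m["name"].lower())
            entries[key] = m["cmd"].strip()
    return entries


def executable_of(cmd):
    """Program part of a Run command, without arguments. Handles quoted
    paths (also with the closing quote missing) and unquoted paths
    that contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def compare_logs(before_text, after_text, fixed_lines):
    before, after = parse_o4(before_text), parse_o4(after_text)
    fixed = parse_o4("\n".join(fixed_lines))

    def describe(key, cmd):
        # no_directory: the log gives only a file name, so the file on
        # disk has to be located separately before it can be checked.
        return {"location": key[0], "name": key[1], "command": cmd,
                "no_directory": "\\" not in executable_of(cmd)}

    return {
        "still_present": [describe(k, after[k]) for k in fixed if k in after],
        "added": [describe(k, after[k]) for k in after if k not in before],
        "removed": [describe(k, before[k]) for k in before if k not in after],
    }


if __name__ == "__main__":
    for section, rows in compare_logs(BEFORE, AFTER, FIXED).items():
        print(section)
        for row in rows:
            print("  ", row)
```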
Service Pack 2 10 1 2008 13:27:37.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver BsStor.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver TVALZ.SYS
Loaded driver Mup.sys
Loaded driver kmxstart.sys
Loaded driver \SystemRoot\System32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\System32\DRIVERS\rtl8180.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\drivers\smwdm.sys
Loaded driver \SystemRoot\system32\drivers\aeaudio.sys
Loaded driver \SystemRoot\System32\DRIVERS\AGRSM.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\drivers\ialmkchw.sys
Loaded driver \SystemRoot\system32\drivers\ialmsbw.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \SystemRoot\System32\DRIVERS\kmxcfg.sys
Loaded driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\KmxFile.sys
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\kmxfw.sys
Loaded driver \SystemRoot\System32\Drivers\VETFDDNT.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\VETEFILE.SYS
Loaded driver \SystemRoot\System32\Drivers\VET-REC.SYS
Loaded driver \SystemRoot\System32\Drivers\VET-FILT.SYS
Did not load driver \SystemRoot\System32\Drivers\VET-FILT.SYS
Loaded driver \SystemRoot\System32\Drivers\VETEBOOT.SYS
Did not load driver \SystemRoot\System32\Drivers\VETEFILE.SYS
Loaded driver \SystemRoot\System32\Drivers\VETMONNT.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Udfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\BsUDF.SYS
Loaded driver \SystemRoot\System32\Drivers\meiudf.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\KmxSbx.sys
Loaded driver \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\System32\DRIVERS\netdevio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\Drivers\SENTINEL.SYS
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\System32\Drivers\tossmbnt.SYS
Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Did not load driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\KmxCF.sys
Loaded driver \SystemRoot\System32\Drivers\MASPINT.SYS
Did not load driver \SystemRoot\System32\Drivers\mrtRate.SYS
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Please re-do that REG ADD part instructed here (http://forums.spybot.info/showpost.php?p=239582&postcount=10), reboot and post back a fresh HijackThis log.
Task Manager and Regedit are back.
HJT Log here:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:49 PM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\TFNF5.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Powery\Desktop\Fix\jezzzzy.exe
C:\Program Files\Support.com\bin\tgcmd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08DFE9E-3A5A-44FC-A682-836101BD7651}: NameServer = 192.168.1.254
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11111 bytes
Great news :)
Please now scan with Kaspersky and post back the Kaspersky report and a fresh HijackThis log.
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 2, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 18:43:57
Records in database: 1280689
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases no
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 126341
Threat name 7
Infected objects 47
Suspicious objects 0
Duration of the scan 02:59:18
File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\080B4CFD Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08724305 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0B0D1F7B Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\139C08FC Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14027F03 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15D13181 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1DF738DF Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F923B02 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20AB4A21 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20AE741E Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B11E1A Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B44816 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B87213 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20BE460C Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20C51A05 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1
The selected area was scanned.
FYI - Norton Systemworks was uninstalled. Looks like the uninstall process left behind the Quarantine folder.
Yes, Norton uninstaller can leave things untouched.
Delete these:
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe
C:\NNSCAA638.EXE
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe
C:\Program Files\Norton SystemWorks\
Empty this folder:
C:\QooBox\Quarantine
Empty Recycle Bin.
Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save it to desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit to close ATF-Cleaner.
Still problems?
Yes. Looks like some nasty :spider: damaged my windows update. The WUPD site gives me an error of 0x800704DD.
Please see here (http://support.microsoft.com/kb/910341) and post back if it helped.
Yes. The reg edit solution fixed the problem. I couldn't do that before you assisted me in fixing my registry. Thanks very much. :)
Now that my Windows Update is working, should I install SP3 or just keep SP2?
Before that see below for my instructions :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Now let's uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
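The Internet zone settings listed in the post above are stored as numbered URL-action values under the Zones\3 registry key, so they can be checked after the fact. The following is an added example, not part of the original post: it audits a saved registry export against the six recommended settings. The function names and the sample export are constructed for illustration; the action numbers are the standard Internet Explorer URL-action IDs (0 = Enable, 1 = Prompt, 3 = Disable).

```python
import re

# Internet zone is zone 3. URL-action data: 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL-action id -> (label in the Custom Level dialog, value the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample export (not taken from the thread): two settings are too lax.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1004"=dword:00000003
"""


def decode_reg_export(raw: bytes) -> str:
    """'Version 5.00' exports are UTF-16 LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")


def parse_zone_values(reg_text: str, key: str = ZONE3_KEY) -> dict:
    """Return {value name: int} for the DWORD values stored under `key` only."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new section header: track whether we are inside the wanted key.
            in_key = line[1:-1].lower() == key.lower()
            continue
        match = DWORD_RE.match(line)
        if in_key and match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_internet_zone(reg_text: str) -> list:
    """Return one finding per recommended setting that is missing or different."""
    current = parse_zone_values(reg_text)
    findings = []
    for action, (label, want) in RECOMMENDED.items():
        have = current.get(action)
        if have != want:
            findings.append({
                "action": action,
                "label": label,
                "current": "missing" if have is None
                           else SETTING_NAMES.get(have, hex(have)),
                "recommended": SETTING_NAMES[want],
            })
    return findings


if __name__ == "__main__":
    for f in audit_internet_zone(SAMPLE_EXPORT):
        print(f'{f["action"]} {f["label"]}: {f["current"]} -> {f["recommended"]}')
```

An export to feed it can be produced with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and read through `decode_reg_export`. Values under a different zone key, such as Zones\4 in the sample, are ignored.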
Ran my CA AntiVirus & CA Spyware software before I got your last message. AntiVirus came up clean, however the Spyware app found Limewire, Zenotecnico, Ezula & "Registry Cleaner". Should I have it clean them?
Please post report before if possible.
Sure.
CA Anti-Spyware Log Report
This report was generated on: 10/2/2008-4:04:40 PM
9/27/2008-10:32:56 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
9/27/2008-10:33:01 PM , Detected , WinAntiVirus Pro 2006 , Trojan , File "c:\windows\temp\~wa6psetup.exe" , -350391275
10/2/2008-2:58:14 PM , Detected , SpywareSolver , Rogue Security Software , Key "hkey_users \CAHive_S-1-5-21-4234909306-633017728-3182789112-1006\software\noadware4" , -1
10/2/2008-2:58:21 PM , Detected , KaZaA , P2P , Key "hkey_users \S-1-5-21-4234909306-633017728-3182789112-1007\software\kazaa" , -1
10/2/2008-2:58:22 PM , Detected , Bifrost , Backdoor , Key "hkey_users \S-1-5-21-4234909306-633017728-3182789112-1007\software\wget" , -1
10/2/2008-2:58:24 PM , Detected , webtrends.com , Tracking Cookie , Cookie "powery@m.webtrends[2].txt" File "C:\Documents and Settings\Powery\cookies\powery@m.webtrends[2].txt" , -333703347
10/2/2008-2:58:32 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-2:58:34 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-2:58:34 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-2:58:39 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-2:58:42 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/2/2008-3:18:12 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-3:18:14 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-3:18:15 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-3:18:20 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-3:18:23 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/2/2008-4:03:25 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-4:03:28 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-4:03:28 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-4:03:38 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-4:03:44 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
***End Report***
Sorry. That log had old items in it. Here's a clean log:
CA Anti-Spyware Log Report
This report was generated on: 10/2/2008-4:17:58 PM
10/2/2008-4:17:36 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-4:17:37 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-4:17:37 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-4:17:42 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-4:17:45 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
***End Report***
Yes, you can let it remove what it found :)
Still some concerns?
Can't access the "My Pc" folder. Access denied.
I cannot access the items in the Spyware log. Tried to log in as "My Pc" but got a message that said Windows can't find the profile and is loading a default profile instead. Should I just remove the "My Pc" user?
Is My PC your default user account?
No. "Powery" is the main account. Not sure where "My Pc" came from.
I see.
Then it should be safe to remove it.
Deleted. Lots of viruses reported by the CA real-time scanner while Windows was deleting the user. Running CA Anti-Spyware again.
OK, post back a fresh log afterwards :)
Still scanning. Realtime virus scanner has found 1007 infections so far. Most are in system restore profiles. I will post both the spyware log and the virus log when the scan is done.
CA Anti-Spyware Log Report
This report was generated on: 10/3/2008-2:58:16 PM
10/2/2008-4:17:36 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-4:17:37 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-4:17:37 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-4:17:42 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-4:17:45 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/3/2008-8:19:32 AM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/3/2008-8:19:35 AM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/3/2008-8:19:40 AM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/3/2008-8:19:41 AM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/3/2008-8:19:41 AM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/3/2008-8:28:03 AM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/3/2008-1:54:10 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\LocalService\Desktop\soref_regclean1.exe" , -1336253164
10/3/2008-1:55:33 PM , Detected , Limewire , P2P , File "C:\Documents and Settings\temp docs\Desktop\New Folder (2)\LimeWireWin.exe" , 213643229
10/3/2008-2:06:18 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\class-barrel" , -1563323414
10/3/2008-2:06:19 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\kwroc.dll" , -919127422
10/3/2008-2:06:19 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\vocabulary" , 1232026381
10/3/2008-2:23:35 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Program Files\Registry Cleaner Retail\regclean.dll" , 261815134
10/3/2008-2:23:35 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Program Files\Registry Cleaner Retail\Registry Cleaner.chm" , 420554717
10/3/2008-2:25:05 PM , Detected , Look2Me , Homepage Hijacker , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP429\A0391292.exe" , -2120863413
10/3/2008-2:26:55 PM , Detected , TargetSaver , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP430\A0396411.exe" , 1741017211
10/3/2008-2:26:58 PM , Detected , TargetSaver , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP430\A0396414.exe" , 25981234
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416812.dll" , 473871802
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416813.dll" , -2034535928
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416814.dll" , -545363932
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416815.dll" , 122490953
10/3/2008-2:29:04 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416816.EXE" , 248181904
10/3/2008-2:30:53 PM , Detected , Look2Me , Homepage Hijacker , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0420669.exe" , 1303292771
10/3/2008-2:35:11 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481312.exe" , -1770466895
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481316.exe" , -477687333
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481317.exe" , -1098554904
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481318.exe" , -279719749
10/3/2008-2:35:14 PM , Detected , QuickLinks , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481320.exe" , -1722774454
10/3/2008-2:35:15 PM , Detected , QuickLinks , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481321.exe" , 1651812121
10/3/2008-2:35:43 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481749.exe" , -2054246313
10/3/2008-2:35:43 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481750.dll" , 511234291
10/3/2008-2:35:44 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481757.dll" , 1404652916
10/3/2008-2:38:23 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0482043.exe" , -1336253164
10/3/2008-2:39:06 PM , Detected , WinAntiVirus Pro 2006 , Trojan , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0482864.dll" , -979978231
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483663.dll" , -589865272
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483664.exe" , -300157616
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483665.vbs" , 895676625
10/3/2008-2:39:36 PM , Detected , New.Net.Domain.Plugin , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483872.EXE" , 415388503
10/3/2008-2:40:17 PM , Detected , SurfSideKick , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484634.exe" , -1003763497
10/3/2008-2:40:17 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484635.exe" , -417697825
10/3/2008-2:40:18 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484637.exe" , 213643229
10/3/2008-2:48:01 PM , Detected , PowerReg Scheduler , Adware , File "C:\WINDOWS\pss\PowerReg Scheduler.exeStartup" , 1752718300
***End Report***
This is a partial list of the viruses that were not in the System Restore area:
9/27/2008 17:35:54 PM File infection: C:\WINDOWS\system32\se500mdmd.sys is Win32/Starimp!generic trojan.
9/27/2008 17:35:54 PM File infection: C:\WINDOWS\Head24.exe is Win32/Petribot.MS worm.
9/27/2008 17:35:54 PM File infection: C:\WINDOWS\Head24.exe is Win32/Petribot.MS worm.
9/27/2008 17:35:55 PM File infection: C:\WINDOWS\win32crypt.exe is Win32/Petribot!generic worm.
9/27/2008 17:35:55 PM File infection: C:\WINDOWS\win32crypt.exe is Win32/Petribot!generic worm.
9/27/2008 17:48:09 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan. Deleted
9/27/2008 17:48:12 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:19 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:23 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:28 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:34 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:41 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan. Deleted
9/27/2008 17:48:45 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:49 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:50 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:52 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:53 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan. Deleted
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:20 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
10/3/2008 13:42:21 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\qhndy.exe is Win32/Anserin!generic trojan. Deleted
10/3/2008 13:42:23 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\real.exe is Win32/Multidropper.Y trojan. Deleted
10/3/2008 13:42:26 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\secure32.html is HTML/Startpage.TH trojan. Deleted
10/3/2008 13:42:27 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\uocgmrym.exe is Win32/Beenut!generic trojan. Deleted
10/3/2008 13:42:27 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\visfx500.exe is Win32/Notiex.E dropper. Deleted
10/3/2008 13:42:28 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winstall.exe is Win32/Oneraw.AY trojan. Deleted
10/3/2008 13:42:28 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winsysban11.exe is Win32/Thoog.I trojan. Deleted
10/3/2008 13:42:29 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winsysupd11.exe is Win32/Thoog.I trojan. Deleted
10/3/2008 13:42:56 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temp\540144176436\2568.tmp is Win32/Thoog.MW trojan. Deleted
10/3/2008 13:44:10 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temporary Internet Files\Content.IE5\89A789AF\wsem303[1].dll is Win32/Dyfuca.F trojan. Deleted
10/3/2008 13:44:12 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temporary Internet Files\Content.IE5\O1YVWLYN\rogue[1].exe is Win32/Dyfuca.B trojan. Deleted
Also, I attempted to disable system restore to remove the stored system profiles. However, when I went to the System Restore tab, system restore was already turned off. Should I enable it and then disable it again? Not sure why the old restore points are still on the system.
Sorry for the delay, for some reason I got no email notification.
Yes, please disable and enable system restore and then re-scan with CA and post back log here.
Log came up empty. Looks to be all clean. Should I continue with your "clean up" message?
Thank you very much for your help.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.