Rdw

RR is offering free CA 2010 Internet Suite but won't install until Malwarebytes is removed. Any way around this? I realize some don't like CA but the price is right... Malwarebytes has come to my rescue in the past and I hate to give it up.

Maurice, thanks for the patience and time to walk thru this with me. Roger

Maurice, all 3 logs are attached Malwarebytes' Anti-Malware 1.44 Database version: 3640 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 1/26/2010 8:56:07 AM mbam-log-2010-01-26 (08-56-07).txt Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|K:\|) Objects scanned: 263147 Time elapsed: 1 hour(s), 16 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 3/4/2008 8:52:22 PM System Uptime: 1/24/2010 8:45:09 AM (49 hours ago) Motherboard: Intel Corporation | | OEMD975XLAG1 Processor: Intel® Core2 CPU 6700 @ 2.66GHz | J3E1 | 2666/266mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 70 GiB total, 20.778 GiB free. D: is FIXED (FAT32) - 4 GiB total, 2.73 GiB free. E: is CDROM (UDF) F: is CDROM () G: is FIXED (NTFS) - 19 GiB total, 7.216 GiB free. H: is FIXED (NTFS) - 488 GiB total, 310.208 GiB free. I: is FIXED (NTFS) - 293 GiB total, 236.827 GiB free. K: is FIXED (NTFS) - 150 GiB total, 127.406 GiB free. N: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP15: 1/18/2010 10:19:30 PM - System Checkpoint RP16: 1/20/2010 12:18:34 AM - System Checkpoint RP17: 1/20/2010 1:54:23 PM - Spybot-S&D Spyware removal RP18: 1/21/2010 5:54:11 PM - System Checkpoint RP19: 1/21/2010 10:59:46 PM - Installed Windows XP -- Software Updates KB952011. RP20: 1/22/2010 8:14:19 AM - Software Distribution Service 3.0 RP21: 1/23/2010 2:23:48 PM - System Checkpoint RP22: 1/24/2010 7:32:35 PM - System Checkpoint RP23: 1/25/2010 9:05:37 PM - System Checkpoint ==== Installed Programs ====================== Ad-Aware Adobe Flash Player 10 ActiveX Adobe Reader 8.2.0 Adobe SVG Viewer 3.0 AnswerWorks 4.0 Runtime - English AnswerWorks 5.0 English Runtime ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver ATI Parental Control & Encoder CA Anti-Spam CA Anti-Spyware CA Anti-Virus CA Internet Security Suite Canon MP Navigator 2.2 Canon MP830 Canon Utilities Easy-PhotoPrint CCleaner Compatibility Pack for the 2007 Office system Critical Update for Windows Media Player 11 (KB959772) DartViewer Data Lifeguard Diagnostic for Windows DxO Optics Pro 6 Easy-WebPrint EMBASSY Security Center ERUNT 1.1j Garmin Communicator Plugin Garmin MapSource Garmin TOPO U.S. 2008 Garmin USB Drivers Garmin WebUpdater Google Gears Google Toolbar for Internet Explorer Google Update Helper Greeting Card Factory Deluxe 7.0 gtw_logo GWCares High Definition Audio Driver Package - KB888111 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) ieSpell Intel Audio Studio 2.0 Intel® PRO Network Connections Drivers InterVideo DeviceService Java 2 Runtime Environment, SE v1.4.2 Java 6 Update 17 Java 6 Update 7 Juniper Networks Host Checker Juniper Networks Secure Application Manager K-Lite Codec Pack 3.4.0 Full Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft English TTS Engine Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Location Finder Microsoft National Language Support Downlevel APIs Microsoft Office Small Business Edition 2003 Microsoft Office XP Media Content Microsoft Streets & Trips 2007 Microsoft USB Flash Drive Manager Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB925673) Multimedia Keyboard Driver Nero 8 neroxml Network USB Utility Noiseware Standard Edition NTRU Hybrid TSS v1.05 O&O Defrag Professional Edition OmniPage SE 2.0 Photo Story 3 for Windows Picasa 3 PowerDVD Presto! PageManager 7.15.11 QuickTime Recover My Files Recovery Software Suite Gateway Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) SigmaTel Audio Smilebox Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy STMicroelectronics TPM Software Package TurboTax 2008 TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wohiper TurboTax 2008 wrapper TurboTax Home & Business 2007 Ulead VideoStudio 11 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 7 (KB976749) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VideoStudio Viewpoint Media Player WD Backup WD Diagnostics WD Firewire HID Driver WebFldrs XP WIBU-KEY Setup (WIBU-KEY Remove) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR archiver XML Paper Specification Shared Components Pack 1.0 ==== Event Viewer Messages From Past Week ======== 1/26/2010 7:28:13 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v1.05 TCSD service terminated unexpectedly. It has done this 1 time(s). ==== End Of File =========================== DDS (Ver_09-12-01.01) - NTFSx86 Run by Administrator at 9:03:19.29 on Tue 01/26/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1217 [GMT -5:00] AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k eapsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k dot3svc C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.foxnews.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [CHotkey] zHotkey.exe mRun: [WD Button Manager] WDBtnMgr.exe mRun: [OODefragTray] c:\windows\system32\oodtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe" mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe" mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe" mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [D-Link Network USB Utility] c:\program files\d-link\network usb utility\Network USB Utility.exe -mini mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [CaPPcl] c:\program files\ca\ca internet security suite\ca anti-spyware\CAAntiSpyware.exe /scan /startup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\windows\system32\VetRedir.dll Trusted Zone: copcp.com\vpn Trusted Zone: copcp.com\www Trusted Zone: copcp.local\integreat Trusted Zone: iccchartweb1 Trusted Zone: icchart Trusted Zone: iccsql Trusted Zone: iccsql01 Trusted Zone: iccsql1 Trusted Zone: iccsql2 Trusted Zone: iccweb1 Trusted Zone: iccweb2 Trusted Zone: iccweb3 Trusted Zone: iccweb4 Trusted Zone: integreat Trusted Zone: integreat2 Trusted Zone: intradocs2 Trusted Zone: intuit.com Trusted Zone: plaxo.com\www Trusted Zone: turbotax.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/40.14/uploader2.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.copcp.com/dana-cached/setup/JuniperSetupSP1.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2006-10-10 21504] R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [2007-10-3 63008] R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-9-25 26352] R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-9-25 21104] R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696] R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-9-25 21488] R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-9-25 32240] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-9-25 144960] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-23 236368] R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-9-25 238832] R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-8-18 73600] R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [2008-8-18 97408] R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2006-10-10 40448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-23 19160] R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704] R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-18 133104] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31.tmp --> c:\windows\system32\31.tmp [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-2-2 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-2-2 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-2-2 42112] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-2-2 23680] =============== Created Last 30 ================ 2010-01-17 04:28:52 0 d-----w- c:\program files\Western Digital 2010-01-17 04:27:41 0 d-----w- c:\program files\Western Digital Corporation 2010-01-17 04:27:31 20992 ----a-w- c:\windows\jestertb.dll 2010-01-16 23:42:14 0 d-----w- c:\documents and settings\administrator\New Folder 2010-01-12 13:22:42 0 d-----w- c:\program files\TrendMicro 2010-01-12 03:07:29 0 d-----w- C:\DCE 2010-01-03 13:20:28 0 d-----w- C:\_OTL 2009-12-31 03:27:09 0 d-----w- c:\docume~1\admini~1\applic~1\DxO Labs 2009-12-30 19:15:51 0 d-sha-r- C:\cmdcons 2009-12-30 19:15:15 98816 ----a-w- c:\windows\sed.exe 2009-12-30 19:15:15 77312 ----a-w- c:\windows\MBR.exe 2009-12-30 19:15:15 261632 ----a-w- c:\windows\PEV.exe 2009-12-30 19:15:15 161792 ----a-w- c:\windows\SWREG.exe ==================== Find3M ==================== 2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-12-01 16:29:33 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys 2009-12-01 16:29:33 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2009-12-01 16:29:33 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2009-12-01 16:29:33 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2009-12-01 16:29:33 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2009-12-01 16:29:33 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys 2009-11-13 22:57:16 922112 ------w- c:\windows\system32\imapi2fs.dll 2009-11-13 22:57:16 426496 ------w- c:\windows\system32\imapi2.dll ============= FINISH: 9:03:36.82 ===============

Sorry that was for the Bifrost trojan only

fyi -- I found 'camfrog 5.5.exe' in registry - a site suggested that was the bad file so I deleted it.

Maurice - sorry but I don't think it is over....Here is the log from routine scan today from CA antivirus... Computer is running fine. I am very concerned re passwords etc. CA Anti-Spyware Log Report This report was generated on: 1/19/2010-6:01:59 PM 1/19/2010-7:55:24 AM , Deleted , Bifrost , Backdoor , Key "hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\wget" , -1 1/19/2010-7:55:24 AM , Deleted , WinSpywareProtect , Rogue Security Software , Key "hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\microsoft\windows\currentversion\drivers" , -1 1/19/2010-7:55:24 AM , Deleted , WinAntiVirus Pro 2006 , Rogue Security Software , Key "hkey_classes_root \*\shellex\contextmenuhandlers\shellextension" , -1 1/19/2010-7:55:24 AM , Deleted , Bifrost , Backdoor , Key "hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\wget" , -1 1/19/2010-7:55:24 AM , Deleted , WinSpywareProtect , Rogue Security Software , Key "hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\microsoft\windows\currentversion\drivers" , -1 1/19/2010-7:55:24 AM , Deleted , WinAntiVirus Pro 2006 , Rogue Security Software , Key "hkey_classes_root \*\shellex\contextmenuhandlers\shellextension" , -1 ***End Report*** Roger

Removed both - was related to the f-online scanner. I hate to say "all is well" but no more issues unless you are seeing something in the log files. Anything else I need to do now?

Maurice, Overall definitely better but CA picked up again tolt.339 and trivial.25.C viruses in files cran.ivd and cran.cvd in the Settings\Temp\OnlineScanner\updates\aquawin32 this morning. it has done this 3 times since we started working on this. Is it a false + ? With Trend Micro, I saw the DivX folder had a virus found - I don't use it anymore so deleted it even though it said it was repaired. I found this thread that suggested trival.25 was related to F online scanner http://forum.avira.com/wbb/index.php?page=...p;postID=826152 Can I just perm delete the cran.cvd, cran.ivd files? Roger

Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 8:23:44 AM, on 1/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe -mini O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup O4 - HKLM\..\RunOnce: [TSC] "C:\DCE\TSC_Temp\tsc.exe" /HD O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://vpn.copcp.com O15 - Trusted Zone: http://www.copcp.com O15 - Trusted Zone: http://integreat.copcp.local O15 - Trusted Zone: http://*.iccchartweb1 O15 - Trusted Zone: http://*.icchart O15 - Trusted Zone: http://*.iccsql O15 - Trusted Zone: http://*.iccsql01 O15 - Trusted Zone: http://*.iccsql1 O15 - Trusted Zone: http://*.iccsql2 O15 - Trusted Zone: http://*.iccweb1 O15 - Trusted Zone: http://*.iccweb2 O15 - Trusted Zone: http://*.iccweb3 O15 - Trusted Zone: http://*.iccweb4 O15 - Trusted Zone: http://*.integreat O15 - Trusted Zone: http://*.integreat2 O15 - Trusted Zone: http://*.intradocs2 O15 - Trusted Zone: *.intuit.com O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/40.14/uploader2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} (Setup Class) - https://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.copcp.com/dana-cached/setup/JuniperSetupSP1.cab O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- End of file - 12753 bytes

Malwarebytes' Anti-Malware 1.44 Database version: 3545 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 1/12/2010 1:08:54 AM mbam-log-2010-01-12 (01-08-54).txt Scan type: Quick Scan Objects scanned: 110444 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

sysclean.log /--------------------------------------------------------------\ | Trend Micro System Cleaner | | Copyright 2009-2010, Trend Micro, Inc. | | http://www.trendmicro.com | \--------------------------------------------------------------/ 2010-01-11, 22:22:55, Auto-clean mode specified. 2010-01-11, 22:22:55, Initialized Rootkit Driver version 2.2.0.1004. 2010-01-11, 22:22:55, Running scanner "C:\DCE\TSC.BIN"... 2010-01-11, 22:23:03, Scanner "C:\DCE\TSC.BIN" has finished running. 2010-01-11, 22:23:03, TSC Log:

Scanning Report Monday, January 11, 2010 21:02:34 - 21:52:35 Computer name: GATEWAY Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ G:\ I:\ M:\ -------------------------------------------------------------------------------- 3 malware found TrackingCookie.2o7 (spyware) System (Disinfected) TrackingCookie.Revsci (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) -------------------------------------------------------------------------------- Statistics Scanned: Files: 377269 System: 4156 Not scanned: 116 Actions: Disinfected: 3 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\PAGEFILE.SYS C:\WINDOWS\TEMP\PERFLIB_PERFDATA_3B4.DAT C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100101060710.zip\0 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100101060710.zip\1 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100102060713.zip\0 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100102060713.zip\1 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100101060710.zip\2 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\Quarantine\20100102060713.zip\2 C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSPCL.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSAN.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\MISTRAL.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\PAPYRUS.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\FREESCPT.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNB.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNBI.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNI.TTF C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALN.TTF C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard.zip\sbRecovery.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard.zip\sbRecovery.ini C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.ini C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\NTUSER.DAT C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\NTUSER.DAT.LOG C:\Documents and Settings\Administrator\My Documents\Ulead VideoStudio\11.0\DMF_TEMP\CvtedTitle\Mar13_2354x000Untitled_00.mpg C:\Documents and Settings\Administrator\My Documents\Ulead VideoStudio\11.0\DMF_TEMP\CvtedTitle\May01_2304x000Untitled_00.mpg C:\Documents and Settings\Administrator\My Documents\NeroVision\CapturedVideo\Deer 09.avi C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~DF52C3.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~DF5403.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\GOOGLE TOOLBAR\GOOGLETOOLBARWELCOME.LOG C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\BILOXI TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\BASKETBALL.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\CME.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\DELETED ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\GOLDENS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\EBAY.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\INBOX.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\ITUNES.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\KIDS STUFF.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\MG AUTO.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\MYRTLE BEACH TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\SENT ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{F6354BD0-5428-4037-A494-CF67115CFFEC}\MICROSOFT\OUTLOOK EXPRESS\WANDA'S .DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\BASKETBALL.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\BILOXI TRIP (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\BILOXI TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\BOATHOUSE.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\CA ANTI-SPAM.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\CME.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\CREW (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\CREW.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\DELETED ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\GOLDENS (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\HD WRESTLING.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\HGSA SOFTBALL.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\INBOX.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\ITUNES.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\KIDS STUFF (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\KIDS STUFF.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\LADY LAKERS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\LAND.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\MG AUTO (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\MISC..DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\MYRTLE BEACH TRIP (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\MYRTLE BEACH TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\RECEIPTS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\RED DEVILS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\SENT ITEMS (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\SUMMER BASEBALL.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\WANDA'S (1).DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{84238591-BD2B-446E-956C-1C33B0286B78}\MICROSOFT\OUTLOOK EXPRESS\WANDA'S .DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\BASKETBALL.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\BILOXI TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\CME.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\CREW.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\DELETED ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\EBAY.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\GOLDENS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\INBOX.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\ITUNES.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\KIDS STUFF.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\LAND.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\MG AUTO.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\MISC..DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\MYRTLE BEACH TRIP.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\SENT ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{48A71D91-AEA7-4031-8448-5B0899D97FDF}\MICROSOFT\OUTLOOK EXPRESS\WANDA'S .DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\MICROSOFT\OUTLOOK EXPRESS\DELETED ITEMS.DBX C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IDENTITIES\{0D6D0973-DA53-4C95-8CBB-C6A680FD3FF5}\MICROSOFT\OUTLOOK EXPRESS\INBOX.DBX C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\DefenderPro.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\DriveCrypt.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\LuaCommon.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\NetMotion.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\Safari.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\scpt.dat\TenebrilAS.lua C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Host Checker\tables.dat\tables.xml -------------------------------------------------------------------------------- Options Scanning engines: Scanning options: Scan all files Scan inside archives Use advanced heuristics -------------------------------------------------------------------------------- Copyright

IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [011CF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [011D0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [011D0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [011CF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [011CF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [011D0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [011D0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [011CF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [011D0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [011CFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [011CF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [011CFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [011CFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3708] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [011CF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xAF 0xFA 0x7B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x6C 0xCE 0x39 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xC6 0x32 0x8A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xAF 0xFA 0x7B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x6C 0xCE 0x39 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xC6 0x32 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xAF 0xFA 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x6C 0xCE 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xC6 0x32 0x8A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xAF 0xFA 0x7B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x6C 0xCE 0x39 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0xC6 0x32 0x8A ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 961D19B5A4D2B5FEEA23C325AE57D2EB806360A74FF32983A317CE75CEFB2D0827041FD127C3AA4C FD143FE4EA5C80F3F23B4AEDC626700B6A375AB60234FEEAB3106EE9A2F35DEBEAF665AA12B6EEED 6 DE8FE7FD900D027DB2BF612ED23FBCEAA9529BA86B5F48DC825C6DC8A5086C44E68A1138B9D129EB E B77C2A4EBC6FF7DDBDF47366F05A9214CDFB5861A3F016DA8E59CF7FAE3FECC174BF15FE06E55F85 8 37B3578A23D8EABF01F6D45C09E36B981D155FD7AAB42F6CBA15C049AAF31B9B96A1998570F4D536 4 4EDE8BCEC12B7A3C3BB175596881527E7FFE01A6E24E7A0473A843B205CAB153ACFEBC9E127BECC7 4 CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74 C A6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79335D575E7D6A3B98083E681C41394E3955 1 D22C1DF347E8E78F6EEECB7E4E2840CCAF4CAE8859ED3F4C715EA3C58FED507DB44ACD62613993D9 2 740274FCE9527FBC94813648CA08FA6D15C586310F2A864B881B7E5881DC1A28C6836E54CFABD5F0 A C07620E127A95E5E552CBDBD5539DACC628A3FD4679C92736A2B35EDD595925A741DDA626B6C2DB2 9 4CFD260DC29A377A05D802C5E50CF336A298BF3E73DB0A1228DA151C1D82ECA580D30FD33C4F17C0 7 2F402C8EAA1E55FDCB3D482EA2FC31E4A5392EDDFD82B43D2C3C ---- EOF - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00CC0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00CC0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\services.exe[1736] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[1768] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[2160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00F2F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00F30470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00F30290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00F2F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00F2F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00F30470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00F30290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00F2F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00F30290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00F30640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [00F2F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [00F2FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [00F2FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00F2FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1532] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00F2F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [00CC0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00CC0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00CBFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00CC0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00CBFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00CBF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00CC0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00CBFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\winlogon.exe[1580] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [00CBF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0124F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [01250470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [01250290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0124F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0124F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0124FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01250470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [01250290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0124FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0124F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01250640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0124F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[1048] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0124FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

I have not had those mysterious IP block messages after having run the OTL fix. here is the GMER log GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-04 21:44:07 Windows 5.1.2600 Service Pack 3 Running: sar_15_sfx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwldqpow.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00CEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00CF0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00CF0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00CEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00CEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00CF0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00CF0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00CEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00CF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00CF00B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00CEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00CEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00CEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\system32\svchost.exe[544] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00CEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [036DF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [036E0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [036E0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [036DF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [036DF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [036E0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [036E0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [036DF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [036E0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [036DF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [036E00B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [036DFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [036DFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [036DFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[584] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [036DF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[652] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\System32\svchost.exe[832] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

but last nite this was clear! see log report Started scanning at 1/3/2010 12:45:03 AM. Engine Ver: 35.1.0. Sig Ver:7210. Sig Date: 12/31/2009. ArcLib Ver: 8.2.4.0. C:\pagefile.sys - Could not open the file. C:\Documents and Settings\Administrator\ntuser.dat - Could not open the file. C:\Documents and Settings\Administrator\ntuser.dat.LOG - Could not open the file. C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file. C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file. C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file. C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file. C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file. C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file. C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file. C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file. C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file. C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file. C:\WINDOWS\system32\CatRoot2\edb.log - Could not open the file. C:\WINDOWS\system32\CatRoot2\tmp.edb - Could not open the file. C:\WINDOWS\system32\config\default - Could not open the file. C:\WINDOWS\system32\config\default.LOG - Could not open the file. C:\WINDOWS\system32\config\SAM - Could not open the file. C:\WINDOWS\system32\config\SAM.LOG - Could not open the file. C:\WINDOWS\system32\config\SECURITY - Could not open the file. C:\WINDOWS\system32\config\SECURITY.LOG - Could not open the file. C:\WINDOWS\system32\config\software - Could not open the file. C:\WINDOWS\system32\config\software.LOG - Could not open the file. C:\WINDOWS\system32\config\system - Could not open the file. C:\WINDOWS\system32\config\system.LOG - Could not open the file. Files Scanned: 424448 Files Infected: 0 Files Cleaned \ Deleted: 0 Files Quarantined: 0 Memory Infections: 0 Memory Infections Cleaned: 0 Boot Infections: 0 Boot Infections Cleaned: 0 Files not Cleaned\Deleted\Quarantined (Limit 100): 0 Finished scanning at 1/3/2010 1:15:16 AM. Let me know but seems we are getting closer! Roger

CA Anti-Spyware Quarantined Spyware Report This report was generated on: 1/3/2010-6:24:08 PM 1/1/2010 1:07:10 AM <<20100101060710>> (0) Bifrost hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\wget () WinSpywareProtect hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\microsoft\windows\currentversion\drivers () WinAntiVirus Pro 2006 hkey_classes_root \*\shellex\contextmenuhandlers\shellextension 1/1/2010 1:07:10 AM <<20100101060710>> 1/2/2010 1:07:13 AM <<20100102060713>> () Bifrost hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\wget () WinSpywareProtect hkey_users \s-1-5-21-1749186680-1974409891-280849654-500\software\microsoft\windows\currentversion\drivers () WinAntiVirus Pro 2006 hkey_classes_root \*\shellex\contextmenuhandlers\shellextension 1/2/2010 1:07:13 AM <<20100102060713>> ***End Report***

KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, January 3, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, January 03, 2010 12:54:27 Records in database: 3365330 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ I:\ M:\ N:\ Scan statistics: Objects scanned: 153252 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 01:22:58 No threats found. Scanned area is clean. Selected area has been scanned.

here are the two logs requested .... but interesting quarantines the last 2/3 nites by CA -- I''ll post that at the very end OLT All processes killed ========== FILES ========== File\Folder c:\windows\isRS-000.tmp not found. C:\RECYCLER\S-1-5-21-1749186680-1974409891-280849654-500 folder moved successfully. C:\RECYCLER folder moved successfully. File\Folder D:\recycler not found. File\Folder e:\recycler not found. File\Folder f:\recycler not found. g:\RECYCLER\S-1-5-21-1749186680-1974409891-280849654-500 folder moved successfully. g:\RECYCLER folder moved successfully. File\Folder h:\recycler not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 25698686 bytes ->Temporary Internet Files folder emptied: 17019653 bytes ->Java cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 65748 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 16867 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35281 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 41.00 mb Restore point Set: OTL Restore Point (64424509440) OTL by OldTimer - Version 3.1.20.1 log created on 01032010_082028 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

here are both files 2009-12-31 22:46:47 . 2009-12-31 22:46:47 684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-updateMgr.reg.dat 2009-12-31 22:46:47 . 2009-12-31 22:46:47 698 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat 2009-12-31 22:46:29 . 2009-12-31 22:46:29 246 ----a-w- C:\Qoobox\Quarantine\D\av1.zip 2009-12-31 22:46:29 . 2004-09-13 17:15:24 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir 2009-12-30 19:17:55 . 2010-01-01 20:15:50 6,685 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-12-30 19:15:07 . 2010-01-01 20:08:09 153 ----a-w- C:\Qoobox\Quarantine\catchme.log ComboFix 09-12-31.06 - Administrator 12/31/2009 17:43:58.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1239 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\recycler\S-1-5-21-2473046782-1986052202-2193566008-500 D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))) . 2009-12-31 06:00 . 2009-12-31 06:00 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\program files\ERUNT 2009-12-26 17:05 . 2009-12-26 17:05 -------- d-----w- c:\program files\Garmin GPS Plugin 2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\DIFX 2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\Garmin 2009-12-25 18:41 . 2009-12-25 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\ieSpell 2009-12-25 18:31 . 2009-12-25 18:31 -------- d-----w- c:\program files\ieSpell 2009-12-25 03:37 . 2009-12-25 03:37 -------- d-----w- c:\program files\Sophos 2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-23 13:17 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-23 13:17 . 2009-12-31 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-23 13:17 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-23 12:36 . 2009-12-23 12:36 -------- d--h--w- c:\windows\PIF 2009-12-23 12:08 . 2009-12-23 13:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ixbiws 2009-12-12 22:09 . 2009-12-12 22:09 -------- d-----w- C:\cabs 2009-12-12 00:41 . 2009-12-12 00:41 -------- d-----w- c:\program files\D-Link 2009-12-12 00:13 . 2009-12-12 00:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\VirtualStore 2009-12-07 09:14 . 2009-12-07 09:14 1593992 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxClient.exe 2009-12-07 08:39 . 2009-12-07 08:39 344712 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvdEngine.dll 2009-12-07 08:39 . 2009-12-07 08:39 123528 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxUpdater.exe 2009-12-06 21:33 . 2009-12-06 21:33 4710 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe 2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\program files\Dartfish 2009-12-03 13:10 . 2009-12-03 13:10 -------- d-----w- c:\program files\Microsoft USB Flash Drive Manager 2009-12-02 19:50 . 2009-12-03 01:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Smilebox 2009-12-02 19:50 . 2009-12-02 19:50 -------- d-----w- c:\program files\Smilebox 2009-12-02 19:49 . 2009-12-25 03:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smilebox 2009-12-02 19:49 . 2009-12-02 19:49 57955 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\uninstall.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-31 06:00 . 2009-12-31 06:00 696832 ----a-w- c:\windows\isRS-000.tmp 2009-12-31 03:25 . 2008-03-05 21:28 -------- d-----w- c:\program files\DxO Labs 2009-12-30 04:45 . 2008-03-08 04:59 -------- d-----w- c:\program files\DNA 2009-12-30 04:32 . 2009-12-30 04:32 -------- d-----w- c:\program files\ESET 2009-12-30 01:15 . 2006-10-10 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-30 01:14 . 2009-04-10 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks 2009-12-24 05:05 . 2008-03-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-24 02:25 . 2008-03-08 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-07 09:22 . 2009-11-16 10:12 373384 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxStarter.exe 2009-12-07 09:22 . 2009-11-16 09:17 168584 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxBrowserEngine.dll 2009-12-07 09:22 . 2009-11-16 07:21 205448 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvd.exe 2009-12-07 09:22 . 2009-11-16 07:21 266888 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxTray.exe 2009-12-01 16:29 . 2009-10-13 13:04 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys 2009-12-01 16:29 . 2009-10-13 13:04 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys 2009-12-01 16:29 . 2008-09-26 01:45 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2009-12-01 16:29 . 2008-09-26 01:45 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2009-12-01 16:29 . 2008-09-26 01:45 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2009-12-01 16:29 . 2008-09-26 01:45 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2009-11-28 01:56 . 2009-11-27 21:48 -------- d-----w- c:\program files\ACW 2009-11-25 16:33 . 2009-11-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-11-25 16:22 . 2008-03-30 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon 2009-11-04 03:13 . 2006-10-10 20:37 -------- d-----w- c:\program files\Java 2009-11-04 03:11 . 2009-11-04 03:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-04 01:42 . 2006-10-10 20:42 -------- d-----w- c:\program files\Google 2009-10-29 07:46 . 2006-06-01 03:17 832512 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2006-06-01 03:16 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 2006-06-01 03:16 17408 ----a-w- c:\windows\system32\corpol.dll 2009-10-21 05:38 . 2006-06-01 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2006-06-01 03:16 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 13:04 . 2009-03-19 21:25 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll 2009-10-13 10:30 . 2006-06-01 03:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2006-06-01 03:16 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2006-06-01 03:16 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-11 09:17 . 2008-12-10 02:04 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "CHotkey"="zHotkey.exe" [2004-12-09 550912] "WD Button Manager"="WDBtnMgr.exe" [2008-03-05 339968] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-10 98304] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-03 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-09-26 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-01 230664] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664] "D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty] 2004-02-08 23:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio] 2006-04-20 00:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder] 2003-07-07 14:29 729088 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] 2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp] 2007-08-25 05:03 185664 ----a-w- c:\program files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] 2007-07-23 18:55 341232 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9303:UDP"= 9303:UDP:Network USB Utility UDP Port R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [10/10/2006 4:06 PM 21504] R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 3:20 PM 63008] R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 2:20 PM 73600] R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [10/10/2006 3:25 PM 40448] R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704] R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2009 8:17 AM 19160] R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2009 8:17 AM 276816] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 3:32 PM 133104] S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 2:20 PM 97408] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31.tmp --> c:\windows\system32\31.tmp [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/2/2009 10:33 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/2/2009 10:33 PM 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/2/2009 10:33 PM 42112] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/2/2009 10:33 PM 23680] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2008 10:08 PM 716272] . Contents of the 'Scheduled Tasks' folder 2009-12-31 c:\windows\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10] 2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32] 2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32] 2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55] 2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM LSP: c:\windows\system32\VetRedir.dll Trusted Zone: copcp.com\vpn Trusted Zone: copcp.com\www Trusted Zone: copcp.local\integreat Trusted Zone: iccchartweb1 Trusted Zone: icchart Trusted Zone: iccsql Trusted Zone: iccsql01 Trusted Zone: iccsql1 Trusted Zone: iccsql2 Trusted Zone: iccweb1 Trusted Zone: iccweb2 Trusted Zone: iccweb3 Trusted Zone: iccweb4 Trusted Zone: integreat Trusted Zone: integreat2 Trusted Zone: intradocs2 Trusted Zone: intuit.com Trusted Zone: plaxo.com\www Trusted Zone: turbotax.com DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\31.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="961D19B5A4D2B5FEEA23C325AE57D2EB806360A74FF32983A317CE75CEFB2D0827041FD127C 3AA4CFD143FE4EA5C80F3F23B4AEDC626700B6A375AB60234FEEAB3106EE9A2F35DEBEAF665AA12B 6 EEED6DE8FE7FD900D027DB2BF612ED23FBCEAA9529BA86B5F48DC825C6DC8A5086C44E68A1138B9D 1 29EBEB77C2A4EBC6FF7DDBDF47366F05A9214CDFB5861A3F016DA8E59CF7FAE3FECC174BF15FE06E 5 5F85837B3578A23D8EABF01F6D45C09E36B981D155FD7AAB42F6CBA15C049AAF31B9B96A1998570F 4 D53644EDE8BCEC12B7A3C3BB175596881527E7FFE01A6E24E7A0473A843B205CAB153ACFEBC9E127 B ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B E CC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79335D575E7D6A3B98083E681C41394 E 39551D22C1DF347E8E78F6EEECB7E4E2840CCAF4CAE8859ED3F4C715EA3C58FED507DB44ACD62613 9 93D92740274FCE9527FBC94813648CA08FA6D15C586310F2A864B881B7E5881DC1A28C6836E54CFA B D5F0AC07620E127A95E5E552CBDBD5539DACC628A3FD4679C92736A2B35EDD595925A741DDA626B6 C 2DB294CFD260DC29A377A05D802C5E50CF336A298BF3E73DB0A1228DA151C1D82ECA580D30FD33C4 F 17C072F402C8EAA1E55FDCB3D482EA2FC31E4A5392EDDFD82B43D2C3CBABD9106A5D49904F78A6D2 4 96DBC61AC20812CEC1E48038878094E1B11B80DC4FB87B7C338748B6EE60AE85DC0C13E076ECD2E9 1 0D5869987D72703941BC30170E06A3AB5AF2869A055DB358DB03AFDCA83C94B287C24A94A2CC5072 2 A7B7113116A351C74D76840AAB7856067A55C57F00942C54D643004709B8128C3295B3C979DD1045 8 CB5C019408B49130E7AE56CBC8A1B3C4B064A256361D31AE0C3BCC18DB64477D884EB161909BFC24 9 9D66B20E19AD8F5AA7861A2C8C0582A7D2030EBB5D9BBFCDD71DD14669A26591FC75DBB8F20070E6 C C0628DD40BD81EEBE1875212A3AC98AF3CC194F39184866FB7274EDEA303DDA2D5FCAE2B21E793DA 1 7266E26B759B173694F2E75E905861822756C359D06D990123E8474ACAA375E1F1645028EF54F377 5 AB10FD0D87DBBAC6AD0EC60A3D9B0996E36F2E5A395DA21992418528A79C18A330CD73E8DEA809A8 E 3909F6849DF76C762B5A5D924FA65EB8D32E3830BE8C9F9E9DE8FF054354B8EE3331FBB3F8756CDE 1 0181E0EBA9F8C0AA49A7A82EA514C29C9FDF9C246D60042C1B768BA717B994BBDDB6A68727420342 1 D2D9F146A510CBB4D45E47DE036D7EDD12EE580B7C5CC823D92695FD53DE4E1272576B37272A7F00 C 77498544D19D12419FD6BAB7346976F5B368D43BF7DCC8489440F81DF82B1B657E4DD26E4CACB13C F 9F43A05D1A31241106AB5819421EB" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\Ati2evxx.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(864) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(2288) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-12-31 17:47:28 ComboFix-quarantined-files.txt 2009-12-31 22:47 Pre-Run: 12,699,156,480 bytes free Post-Run: 12,711,661,568 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 9DD963AB2D1287D3EB09AEEBC466880E

Here is the latest combofix log - still getting the w32.silly.Bd virus alert withthe combo fix - if everything runs well should I just delete the combofix? Pop up alerts have stopped for now but am watching closely...... ComboFix 09-12-31.A1 - Administrator 01/01/2010 15:14:15.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1271 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} . ((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 ))))))))))))))))))))))))))))))) . 2010-01-01 06:19 . 2010-01-01 06:19 216488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-12-31 06:00 . 2009-12-31 06:00 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2009-12-30 04:32 . 2009-12-30 04:32 -------- d-----w- c:\program files\ESET 2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\program files\ERUNT 2009-12-26 17:05 . 2009-12-26 17:05 -------- d-----w- c:\program files\Garmin GPS Plugin 2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\DIFX 2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\Garmin 2009-12-25 18:41 . 2009-12-25 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\ieSpell 2009-12-25 18:31 . 2009-12-25 18:31 -------- d-----w- c:\program files\ieSpell 2009-12-25 03:37 . 2009-12-25 03:37 -------- d-----w- c:\program files\Sophos 2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-23 13:17 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-23 13:17 . 2009-12-31 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-23 13:17 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-23 12:36 . 2009-12-23 12:36 -------- d--h--w- c:\windows\PIF 2009-12-23 12:08 . 2009-12-23 13:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ixbiws 2009-12-12 22:09 . 2009-12-12 22:09 -------- d-----w- C:\cabs 2009-12-12 00:41 . 2009-12-12 00:41 -------- d-----w- c:\program files\D-Link 2009-12-12 00:13 . 2009-12-12 00:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\VirtualStore 2009-12-07 09:14 . 2009-12-07 09:14 1593992 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxClient.exe 2009-12-07 08:39 . 2009-12-07 08:39 344712 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvdEngine.dll 2009-12-07 08:39 . 2009-12-07 08:39 123528 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxUpdater.exe 2009-12-06 21:33 . 2009-12-06 21:33 4710 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe 2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\program files\Dartfish 2009-12-03 13:10 . 2009-12-03 13:10 -------- d-----w- c:\program files\Microsoft USB Flash Drive Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-31 03:25 . 2008-03-05 21:28 -------- d-----w- c:\program files\DxO Labs 2009-12-30 04:45 . 2008-03-08 04:59 -------- d-----w- c:\program files\DNA 2009-12-30 01:15 . 2006-10-10 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-30 01:14 . 2009-04-10 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks 2009-12-25 03:30 . 2009-12-02 19:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smilebox 2009-12-24 05:05 . 2008-03-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-24 02:25 . 2008-03-08 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-07 09:22 . 2009-11-16 10:12 373384 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxStarter.exe 2009-12-07 09:22 . 2009-11-16 09:17 168584 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxBrowserEngine.dll 2009-12-07 09:22 . 2009-11-16 07:21 205448 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvd.exe 2009-12-07 09:22 . 2009-11-16 07:21 266888 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxTray.exe 2009-12-02 19:50 . 2009-12-02 19:50 -------- d-----w- c:\program files\Smilebox 2009-12-02 19:49 . 2009-12-02 19:49 57955 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\uninstall.exe 2009-12-01 16:29 . 2009-10-13 13:04 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys 2009-12-01 16:29 . 2009-10-13 13:04 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys 2009-12-01 16:29 . 2008-09-26 01:45 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys 2009-12-01 16:29 . 2008-09-26 01:45 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys 2009-12-01 16:29 . 2008-09-26 01:45 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys 2009-12-01 16:29 . 2008-09-26 01:45 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys 2009-11-28 01:56 . 2009-11-27 21:48 -------- d-----w- c:\program files\ACW 2009-11-25 16:33 . 2009-11-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-11-25 16:22 . 2008-03-30 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon 2009-11-04 03:13 . 2006-10-10 20:37 -------- d-----w- c:\program files\Java 2009-11-04 03:11 . 2009-11-04 03:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-04 01:42 . 2006-10-10 20:42 -------- d-----w- c:\program files\Google 2009-10-29 07:46 . 2006-06-01 03:17 832512 ------w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2006-06-01 03:16 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 2006-06-01 03:16 17408 ----a-w- c:\windows\system32\corpol.dll 2009-10-21 05:38 . 2006-06-01 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2006-06-01 03:16 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 13:04 . 2009-03-19 21:25 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll 2009-10-13 10:30 . 2006-06-01 03:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2006-06-01 03:16 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2006-06-01 03:16 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-11 09:17 . 2008-12-10 02:04 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "CHotkey"="zHotkey.exe" [2004-12-09 550912] "WD Button Manager"="WDBtnMgr.exe" [2008-03-05 339968] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-10 98304] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-03 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-09-26 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-01 230664] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664] "D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty] 2004-02-08 23:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio] 2006-04-20 00:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder] 2003-07-07 14:29 729088 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] 2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp] 2007-08-25 05:03 185664 ----a-w- c:\program files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] 2007-07-23 18:55 341232 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9303:UDP"= 9303:UDP:Network USB Utility UDP Port R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [10/10/2006 4:06 PM 21504] R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 3:20 PM 63008] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2009 8:17 AM 235344] R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 2:20 PM 73600] R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [10/10/2006 3:25 PM 40448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2009 8:17 AM 19160] R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 3:32 PM 133104] S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 2:20 PM 97408] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31.tmp --> c:\windows\system32\31.tmp [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/2/2009 10:33 PM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/2/2009 10:33 PM 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/2/2009 10:33 PM 42112] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/2/2009 10:33 PM 23680] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2008 10:08 PM 716272] . Contents of the 'Scheduled Tasks' folder 2010-01-01 c:\windows\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10] 2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32] 2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32] 2010-01-01 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55] 2010-01-01 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM LSP: c:\windows\system32\VetRedir.dll Trusted Zone: copcp.com\vpn Trusted Zone: copcp.com\www Trusted Zone: copcp.local\integreat Trusted Zone: iccchartweb1 Trusted Zone: icchart Trusted Zone: iccsql Trusted Zone: iccsql01 Trusted Zone: iccsql1 Trusted Zone: iccsql2 Trusted Zone: iccweb1 Trusted Zone: iccweb2 Trusted Zone: iccweb3 Trusted Zone: iccweb4 Trusted Zone: integreat Trusted Zone: integreat2 Trusted Zone: intradocs2 Trusted Zone: intuit.com Trusted Zone: plaxo.com\www Trusted Zone: turbotax.com DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\31.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="961D19B5A4D2B5FEEA23C325AE57D2EB806360A74FF32983A317CE75CEFB2D0827041FD127C 3AA4CFD143FE4EA5C80F3F23B4AEDC626700B6A375AB60234FEEAB3106EE9A2F35DEBEAF665AA12B 6 EEED6DE8FE7FD900D027DB2BF612ED23FBCEAA9529BA86B5F48DC825C6DC8A5086C44E68A1138B9D 1 29EBEB77C2A4EBC6FF7DDBDF47366F05A9214CDFB5861A3F016DA8E59CF7FAE3FECC174BF15FE06E 5 5F85837B3578A23D8EABF01F6D45C09E36B981D155FD7AAB42F6CBA15C049AAF31B9B96A1998570F 4 D53644EDE8BCEC12B7A3C3BB175596881527E7FFE01A6E24E7A0473A843B205CAB153ACFEBC9E127 B ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B E CC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79335D575E7D6A3B98083E681C41394 E 39551D22C1DF347E8E78F6EEECB7E4E2840CCAF4CAE8859ED3F4C715EA3C58FED507DB44ACD62613 9 93D92740274FCE9527FBC94813648CA08FA6D15C586310F2A864B881B7E5881DC1A28C6836E54CFA B D5F0AC07620E127A95E5E552CBDBD5539DACC628A3FD4679C92736A2B35EDD595925A741DDA626B6 C 2DB294CFD260DC29A377A05D802C5E50CF336A298BF3E73DB0A1228DA151C1D82ECA580D30FD33C4 F 17C072F402C8EAA1E55FDCB3D482EA2FC31E4A5392EDDFD82B43D2C3CBABD9106A5D49904F78A6D2 4 96DBC61AC20812CEC1E48038878094E1B11B80DC4FB87B7C338748B6EE60AE85DC0C13E076ECD2E9 1 0D5869987D72703941BC30170E06A3AB5AF2869A055DB358DB03AFDCA83C94B287C24A94A2CC5072 2 A7B7113116A351C74D76840AAB7856067A55C57F00942C54D643004709B8128C3295B3C979DD1045 8 CB5C019408B49130E7AE56CBC8A1B3C4B064A256361D31AE0C3BCC18DB64477D884EB161909BFC24 9 9D66B20E19AD8F5AA7861A2C8C0582A7D2030EBB5D9BBFCDD71DD14669A26591FC75DBB8F20070E6 C C0628DD40BD81EEBE1875212A3AC98AF3CC194F39184866FB7274EDEA303DDA2D5FCAE2B21E793DA 1 7266E26B759B173694F2E75E905861822756C359D06D990123E8474ACAA375E1F1645028EF54F377 5 AB10FD0D87DBBAC6AD0EC60A3D9B0996E36F2E5A395DA21992418528A79C18A330CD73E8DEA809A8 E 3909F6849DF76C762B5A5D924FA65EB8D32E3830BE8C9F9E9DE8FF054354B8EE3331FBB3F8756CDE 1 0181E0EBA9F8C0AA49A7A82EA514C29C9FDF9C246D60042C1B768BA717B994BBDDB6A68727420342 1 D2D9F146A510CBB4D45E47DE036D7EDD12EE580B7C5CC823D92695FD53DE4E1272576B37272A7F00 C 77498544D19D12419FD6BAB7346976F5B368D43BF7DCC8489440F81DF82B1B657E4DD26E4CACB13C F 9F43A05D1A31241106AB5819421EB" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1584) c:\windows\system32\Ati2evxx.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(1816) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(3912) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-01-01 15:17:36 ComboFix-quarantined-files.txt 2010-01-01 20:17 ComboFix2.txt 2009-12-31 22:47 Pre-Run: 11,921,629,184 bytes free Post-Run: 11,896,627,200 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 707AEE2D1B4F461F8B69E38853C2B09E

here is the Kenco.log Kenco by jpshortstuff (31.12.09.1) Log created at 09:44 on 01/01/2010 (Administrator) ========== Task Unlocker ========== ========== KencoScan ========== ========== C:\WINDOWS\Tasks ========== CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job -> [12:08 14/07/2009] 472 bytes GoogleUpdateTaskMachineCore.job -> [20:32 18/07/2009] 896 bytes GoogleUpdateTaskMachineUA.job -> [20:32 18/07/2009] 900 bytes Malwarebytes' Scheduled Scan for Administrator.job -> [13:37 23/12/2009] 524 bytes Malwarebytes' Scheduled Update for Administrator.job -> [13:37 23/12/2009] 510 bytes -=E.O.F=- here is the OTL.txt OTL logfile created on: 1/1/2010 9:46:35 AM - Run 2 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.25 Gb Total Space | 10.55 Gb Free Space | 15.02% Space Free | Partition Type: NTFS Drive D: | 4.25 Gb Total Space | 2.73 Gb Free Space | 64.22% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 18.65 Gb Total Space | 9.79 Gb Free Space | 52.50% Space Free | Partition Type: NTFS Drive H: | 195.31 Gb Total Space | 15.84 Gb Free Space | 8.11% Space Free | Partition Type: NTFS Drive I: | 3.81 Gb Total Space | 2.66 Gb Free Space | 69.63% Space Free | Partition Type: FAT32 Drive M: | 102.78 Gb Total Space | 18.50 Gb Free Space | 18.00% Space Free | Partition Type: NTFS Computer Name: GATEWAY Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009/12/30 14:55:16 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe PRC - [2009/12/01 11:29:33 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe PRC - [2009/08/03 08:11:03 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2008/09/25 20:45:26 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/06 22:45:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/03/04 22:39:36 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe PRC - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe PRC - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe PRC - [2007/08/16 20:10:14 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe PRC - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe PRC - [2007/05/11 02:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe PRC - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS PRC - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe PRC - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe PRC - [2004/12/08 19:57:36 | 00,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe ========== Modules (SafeList) ========== MOD - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2008/09/25 20:45:26 | 00,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll ========== Win32 Services (SafeList) ========== SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT) SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV - [2009/07/18 15:32:06 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate) SRV - [2009/04/25 09:40:58 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3) SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) SRV - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe) SRV - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv) SRV - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC) SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL) SRV - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr) SRV - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 20:42:39 | 00,000,000 | ---D | M] O1 HOSTS File: (371997 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 12823 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.) O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe () O4 - HKLM..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.) O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: copcp.com ([vpn] http in Trusted sites) O15 - HKCU\..Trusted Domains: copcp.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: copcp.local ([integreat] http in Trusted sites) O15 - HKCU\..Trusted Domains: iccchartweb1 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: icchart ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccsql ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccsql01 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccsql1 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccsql2 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccweb1 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccweb2 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccweb3 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: iccweb4 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: integreat ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: integreat2 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: intradocs2 ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/40.14/uploader2.cab (UploadListView Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} https://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx (Setup Class) O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab (Reg Error: Key error.) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.copcp.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control) O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/05/31 22:32:15 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010/01/01 09:44:18 | 00,044,567 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\Kenco.exe [2009/12/31 22:18:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/12/31 17:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix [2009/12/30 22:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DxO Labs [2009/12/30 14:15:51 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/12/30 14:15:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/12/30 14:15:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/12/30 14:15:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/12/30 14:15:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/12/30 14:12:47 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/12/29 23:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009/12/29 23:26:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Repair [2009/12/29 20:08:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/12/29 19:19:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/12/29 19:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/12/27 09:06:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gambill Pictures-reduced size [2009/12/27 08:40:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Gambill digital frame [2009/12/26 12:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin [2009/12/26 11:57:41 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX [2009/12/26 11:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin [2009/12/25 13:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ieSpell [2009/12/25 13:31:43 | 00,000,000 | ---D | C] -- C:\Program Files\ieSpell [2009/12/24 22:37:44 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos [2009/12/24 00:05:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2009/12/23 23:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2009/12/23 08:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2009/12/23 08:17:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/23 08:17:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/23 08:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/23 08:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/23 08:11:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2009/12/23 07:36:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009/12/23 07:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ixbiws [2009/07/20 20:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/07/18 15:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2008/09/20 14:08:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/08/25 02:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/03/06 20:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks [2008/03/05 22:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks [2006/05/31 22:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2006/05/31 22:32:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/01/01 09:43:33 | 00,044,567 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\Kenco.exe [2010/01/01 09:42:34 | 00,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/01/01 09:32:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/01 09:31:57 | 00,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/01/01 09:31:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/01 09:31:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/01 09:30:46 | 00,314,142 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2010/01/01 01:19:44 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2010/01/01 01:19:44 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/01/01 01:07:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job [2010/01/01 01:07:33 | 00,000,524 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job [2010/01/01 01:00:11 | 00,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Administrator.job [2009/12/31 17:46:29 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini [2009/12/31 10:38:29 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Streets & Trips 2007.lnk [2009/12/30 22:25:10 | 00,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 6.lnk [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/30 14:15:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/12/29 08:46:11 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\COPC Secure Access SSL VPN.url [2009/12/27 11:22:10 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pw- 7-09.xls [2009/12/26 21:24:20 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable [2009/12/26 11:47:42 | 01,336,327 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2675_OwnersManual.pdf [2009/12/24 07:56:48 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2009/12/24 00:04:46 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk [2009/12/23 21:25:45 | 00,371,997 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/12/23 08:17:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/01 01:19:48 | 00,216,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/12/30 22:25:10 | 00,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 6.lnk [2009/12/30 14:15:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/12/30 14:15:55 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/12/30 14:15:15 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/12/30 14:15:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/12/30 14:15:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/12/30 14:15:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/12/30 14:15:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/12/26 21:24:10 | 00,000,176 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable [2009/12/26 11:47:42 | 01,336,327 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2675_OwnersManual.pdf [2009/12/24 07:56:48 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2009/12/23 08:37:07 | 00,000,524 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job [2009/12/23 08:37:00 | 00,000,510 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Administrator.job [2009/12/23 08:17:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/01/02 22:52:31 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/02 22:52:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/01/02 22:52:30 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/01/02 22:52:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/01/02 22:52:28 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/01/02 22:52:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/12/20 21:15:42 | 00,038,505 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR [2008/10/04 14:14:49 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls [2008/08/20 06:56:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2008/04/29 20:57:40 | 00,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/03/07 19:03:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/03/05 18:28:43 | 00,068,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/05 16:21:25 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/03/05 16:21:25 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/03/05 16:21:25 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/03/05 16:21:25 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/03/05 16:21:25 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/03/05 16:21:25 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/03/05 08:53:36 | 00,001,292 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html [2008/03/05 00:15:32 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\.user_keys.dat [2008/03/04 23:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2008/03/04 22:42:39 | 00,070,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log [2008/03/04 22:17:29 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL [2008/03/04 22:11:11 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2008/03/04 22:10:58 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2008/03/04 22:09:02 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008/03/04 21:15:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/10/10 16:06:43 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2006/10/10 16:04:26 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll [2006/10/10 15:57:34 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2006/10/10 15:57:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2006/10/10 15:57:34 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2006/06/30 05:27:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/05/31 22:17:16 | 00,001,234 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/05/31 22:17:16 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2005/08/30 16:50:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll [2005/08/30 16:42:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll [2005/08/30 16:42:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2005/08/30 16:42:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2005/08/30 16:41:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2005/08/30 16:41:42 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll [2005/08/30 16:41:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2005/08/30 16:41:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2005/08/30 16:41:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2005/08/30 16:41:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2005/08/30 16:40:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll [2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll [2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll [2005/03/07 15:30:46 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll [2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll [2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll [2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll [2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll [2004/12/21 11:13:56 | 00,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/11/25 11:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon [2008/03/14 22:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools [2009/12/30 22:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DxO Labs [2008/12/20 16:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN [2008/03/05 08:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Genie-Soft [2009/12/25 13:41:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ieSpell [2008/03/05 22:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks [2006/10/10 16:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2008/03/04 23:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller [2008/08/02 10:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Sam's Club Digital Photo Center [2008/04/01 12:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewSoft [2008/04/26 11:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12 [2008/03/05 16:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy [2006/10/10 15:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2008/03/04 22:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft [2009/12/24 22:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smilebox [2008/12/08 23:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish [2008/03/05 16:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems [2009/12/11 19:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VirtualStore [2008/03/05 00:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp [2008/09/25 20:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA [2008/03/04 22:17:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2009/12/23 23:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2008/12/20 16:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN [2008/03/05 16:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2008/03/04 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service [2008/03/05 16:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy [2009/11/25 11:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/04/01 12:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/04/01 12:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard [2008/09/27 15:08:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/03/05 16:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2006/10/10 16:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/01/01 01:07:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 @Alternate Data Stream - 1241 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v8rLNcWyurlCdOMhm6Pvkm5gQE @Alternate Data Stream - 1117 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bFCJ8JXez8lx7d543odWVzkJ < End of report > thanks, Roger

Maurice - thank you for your help but I must have made another mistake somewhere as the new combofix ran and had a log that I copied and was going to paste in a reply but the system froze. I rebooted and check the combo fix folder to find... no log! as it had said it one of the last screens that it would be found at C: combofix.txt but the only files there are cf18916.cfxxe mbr.cfxxe mbr.txt FYI each time I renable my antivir software I get a virus warning w32sillybt something.... that it deletes from the combofix I await further instructions Roger