Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Zlob DNSChanger Vimax Ads HELP!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 23rd, 2008, 10:04 am

Hello,

I have recently been infected with this horrible trojan and what's worse since is that it has infected all of my computers! I have three computers and they are connected to the internet through a wireless router and modem - I had no idea that a trojan could travel through a router!

Anyway, I have tried many many many antivirus and antimalware programs (e.g. exterminate it, malwarebyte's etc). Most of these identify the trojan under the registry, and say they've removed it, but on restarting the computer, the trojan returns.

The trojan manifests itself with annoying vimax ads on virtually all sites, hijacking websites from google searches and annoying pop up ads.

This is the results from Trend Micro Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:50 AM, on 24/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5253 bytes


Please help and quickly!!

Thank you
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am
Advertisement
Register to Remove

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 25th, 2008, 11:11 pm

Hi Omar,

If your machine really is infected by something which can transfer itself between machines, you should only have one computer connected to the network at once, otherwise the machines may reinfect themselves while we are cleaning.

------------------------------------------------------------------------

Please download DNSCheck by Billy O'Neal to your Desktop (right-click the link, select Save Target As…, select your Desktop and press Save)
  • Double-click DNSCheck.exe to start the program.
  • Once it has finished running, a log named DNSCheck.log will appear on-screen, also located here:
    C:\DNSCheck.log
  • Please post the contents of this log with your next response.

------------------------------------------------------------------------

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

------------------------------------------------------------------------

Once complete, please post both RSIT logs, you won't need to produce a new HijackThis log as RSIT produces one for you. Also, please post the most recent Malwarebytes Antimalware log for me to see.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 26th, 2008, 11:52 am

Thank you for getting back to me.

The log from DNSCheck:
DNS Check v0.1.0
Checking for Nonexistence Redirect
Generating nonexistent name: jnjcgpqxucfbewjrmjfp.com
Failed to resolve. -- OK!!
Checking for google.com redirection.
209.85.171.99: resolves to cg-in-f99.google.com -- OK!!
72.14.207.99: resolves to eh-in-f99.google.com -- OK!!
64.233.187.99: resolves to jc-in-f99.google.com -- OK!!
Checking for yahoo.com redirection.
206.190.60.37: resolves to w2.rc.vip.re4.yahoo.com -- OK!!
68.180.206.184: resolves to w2.rc.vip.sp1.yahoo.com -- OK!!
Checking for bleepingcomputer.com redirection.
208.43.87.2: resolves to www.bleepingcomputer.com -- OK!!
Checking for geekstogo.com redirection.
208.43.44.138: resolves to geek15.geekstogo.com -- OK!!



The 1st RSIT log (info.txt):

info.txt logfile of random's system information tool 1.04 2008-11-27 02:36:27

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver-->C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: CA Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



The second RSIT log (log.txt):

Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-11-27 02:36:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (14%) free of 78 GB
Total RAM: 447 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:22 AM, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5299 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as user at 1 59 AM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-23 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-01-11 143360]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-11-17 247024]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-11-17 234736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-23 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-11-27 02:36:04 ----D---- C:\rsit
2008-11-24 00:40:45 ----D---- C:\Program Files\Trend Micro
2008-11-24 00:21:09 ----SHD---- C:\Config.Msi
2008-11-23 23:41:15 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-23 23:41:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-23 23:41:00 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-11-20 22:34:37 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-20 22:32:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-20 22:31:47 ----D---- C:\Program Files\Common Files\Adobe
2008-11-20 22:31:47 ----D---- C:\Program Files\Adobe
2008-11-20 22:21:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-11-20 22:21:49 ----D---- C:\Program Files\NOS
2008-11-19 23:01:27 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-19 22:36:20 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2008-11-19 22:33:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-19 18:12:25 ----D---- C:\Documents and Settings\user\Application Data\Google
2008-11-19 18:11:59 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2008-11-19 18:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-19 18:11:46 ----D---- C:\Program Files\Google
2008-11-19 17:37:29 ----D---- C:\Documents and Settings\user\Application Data\Macromedia
2008-11-17 13:23:27 ----D---- C:\????
2008-11-17 01:59:00 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-17 01:58:57 ----D---- C:\Program Files\Common Files\Scanner
2008-11-17 01:58:54 ----A---- C:\WINDOWS\system32\vetredir.dll
2008-11-17 01:58:54 ----A---- C:\WINDOWS\system32\isafprod.dll
2008-11-17 01:58:54 ----A---- C:\WINDOWS\system32\isafeif.dll
2008-11-17 01:58:53 ----A---- C:\caavsetupLog.txt
2008-11-17 01:58:47 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2008-11-17 01:58:44 ----D---- C:\Program Files\CA
2008-11-17 01:57:54 ----A---- C:\caisslog.txt
2008-11-17 01:33:48 ----D---- C:\WINDOWS\WBEM
2008-11-17 01:33:47 ----D---- C:\WINDOWS\system32\en-US
2008-11-17 01:32:45 ----SHD---- C:\RECYCLER
2008-11-17 01:31:46 ----HDC---- C:\WINDOWS\ie7
2008-11-17 01:31:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-17 01:31:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-17 01:30:57 ----D---- C:\Documents and Settings\user\Application Data\WinRAR
2008-11-17 01:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-17 01:30:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-17 01:30:46 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-17 01:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-17 01:28:57 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-17 01:28:53 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-17 01:28:38 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-17 01:28:26 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-17 01:27:52 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-17 01:27:28 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-17 01:27:21 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-17 01:27:19 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-17 01:26:58 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-17 01:25:55 ----D---- C:\Program Files\WinRAR
2008-11-17 01:24:37 ----D---- C:\New Folder
2008-11-17 01:17:39 ----A---- C:\WINDOWS\ODBC.INI
2008-11-17 01:17:29 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-11-17 01:16:16 ----D---- C:\Program Files\Common Files\L&H
2008-11-17 01:15:59 ----D---- C:\Program Files\Microsoft.NET
2008-11-17 01:15:44 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-17 01:14:59 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-17 01:14:52 ----D---- C:\Program Files\Microsoft Works
2008-11-17 01:14:41 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-17 01:14:17 ----D---- C:\WINDOWS\SHELLNEW
2008-11-17 01:14:03 ----D---- C:\Program Files\Microsoft Office
2008-11-17 01:00:13 ----RA---- C:\WINDOWS\system32\Audio3D.dll
2008-11-17 01:00:13 ----RA---- C:\WINDOWS\system32\a3d.dll
2008-11-17 01:00:11 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-17 01:00:05 ----A---- C:\WINDOWS\CMISETUP.INI
2008-11-17 01:00:05 ----A---- C:\WINDOWS\CMCDPLAY.INI
2008-11-17 01:00:03 ----A---- C:\WINDOWS\Wininit.ini
2008-11-17 00:59:58 ----D---- C:\Program Files\C-Media 3D Audio
2008-11-17 00:59:58 ----A---- C:\WINDOWS\CMIUninstall.exe
2008-11-17 00:59:58 ----A---- C:\WINDOWS\CmiRmRedundDir.exe
2008-11-17 00:59:58 ----A---- C:\WINDOWS\CMIRmDriver.dll
2008-11-17 00:59:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 00:59:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-17 00:58:16 ----RA---- C:\WINDOWS\system32\VTChromo.dll
2008-11-17 00:58:15 ----RA---- C:\WINDOWS\system32\VTTrayp.exe
2008-11-17 00:58:14 ----RA---- C:\WINDOWS\system32\VTTimer.exe
2008-11-17 00:58:14 ----RA---- C:\WINDOWS\system32\VTovrlay.dll
2008-11-17 00:58:14 ----RA---- C:\WINDOWS\system32\VTInfo2.dll
2008-11-17 00:58:14 ----RA---- C:\WINDOWS\system32\VTCfg3d.dll
2008-11-17 00:58:13 ----RA---- C:\WINDOWS\system32\VTGamma2.dll
2008-11-17 00:58:13 ----RA---- C:\WINDOWS\system32\VTDisply.dll
2008-11-17 00:58:12 ----RA---- C:\WINDOWS\system32\vticd.dll
2008-11-17 00:58:11 ----RA---- C:\WINDOWS\system32\vtdisp.dll
2008-11-17 00:58:05 ----D---- C:\Program Files\VIA
2008-11-17 00:57:52 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-17 00:56:24 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-17 00:55:49 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-11-17 00:22:02 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe
2008-11-17 00:22:02 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll
2008-11-17 00:22:01 ----RA---- C:\WINDOWS\system32\udaprop.dll
2008-11-17 00:22:01 ----RA---- C:\WINDOWS\system32\cmuda.dll
2008-11-15 16:33:47 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-15 16:32:39 ----A---- C:\WINDOWS\system32\uniime.dll
2008-11-15 16:32:34 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-11-15 16:32:32 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-11-15 16:32:32 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-11-15 16:32:32 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-11-15 16:32:32 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-11-15 16:32:19 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-11-15 16:32:19 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-11-15 16:32:11 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-11-15 16:32:10 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-11-15 16:31:54 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-15 16:31:53 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-15 16:30:18 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-15 16:29:06 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 16:29:03 ----SHD---- C:\WINDOWS\Installer
2008-11-15 16:29:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 16:29:02 ----D---- C:\Program Files\Common Files\ODBC
2008-11-15 16:29:02 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-15 16:28:59 ----RD---- C:\Program Files
2008-11-15 16:28:59 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-15 16:28:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-15 16:28:59 ----D---- C:\Program Files\Common Files
2008-11-15 16:28:56 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-15 16:28:56 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-15 16:28:56 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-15 16:28:55 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-15 16:28:53 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-15 16:28:52 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-15 16:28:52 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-15 16:28:52 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-15 16:28:52 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-15 16:28:52 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-15 16:28:50 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-15 16:28:48 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-15 16:28:48 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-15 16:28:48 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-15 16:28:48 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-15 16:28:47 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-15 16:28:46 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-15 16:28:46 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-15 16:28:46 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-15 16:28:45 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-11-15 16:28:44 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-15 16:28:35 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-15 16:28:30 ----RA---- C:\WINDOWS\SET8.tmp
2008-11-15 16:28:28 ----RA---- C:\WINDOWS\SET4.tmp
2008-11-15 16:28:27 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-15 16:28:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-15 16:28:22 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 16:28:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-15 16:28:00 ----A---- C:\WINDOWS\setuplog.txt
2008-11-15 16:27:56 ----SHD---- C:\System Volume Information
2008-11-15 16:27:56 ----D---- C:\Documents and Settings
2008-11-15 16:27:14 ----SH---- C:\boot.ini
2008-11-15 16:23:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-15 16:23:50 ----RSD---- C:\WINDOWS\Fonts
2008-11-15 16:23:50 ----RD---- C:\WINDOWS\Web
2008-11-15 16:23:50 ----HD---- C:\WINDOWS\inf
2008-11-15 16:23:50 ----D---- C:\WINDOWS\WinSxS
2008-11-15 16:23:50 ----D---- C:\WINDOWS\twain_32
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Temp
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\wins
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\usmt
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\spool
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\ras
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\oobe
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\npp
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\mui
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\IME
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\icsxml
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\ias
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\export
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\dhcp
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\config
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\3076
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\2052
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1054
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1042
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1041
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1037
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1033
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1031
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1028
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32\1025
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system32
2008-11-15 16:23:50 ----D---- C:\WINDOWS\system
2008-11-15 16:23:50 ----D---- C:\WINDOWS\security
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Resources
2008-11-15 16:23:50 ----D---- C:\WINDOWS\repair
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Provisioning
2008-11-15 16:23:50 ----D---- C:\WINDOWS\PeerNet
2008-11-15 16:23:50 ----D---- C:\WINDOWS\pchealth
2008-11-15 16:23:50 ----D---- C:\WINDOWS\mui
2008-11-15 16:23:50 ----D---- C:\WINDOWS\msapps
2008-11-15 16:23:50 ----D---- C:\WINDOWS\msagent
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Media
2008-11-15 16:23:50 ----D---- C:\WINDOWS\java
2008-11-15 16:23:50 ----D---- C:\WINDOWS\ime
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Help
2008-11-15 16:23:50 ----D---- C:\WINDOWS\ehome
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Driver Cache
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Debug
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Cursors
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Connection Wizard
2008-11-15 16:23:50 ----D---- C:\WINDOWS\Config
2008-11-15 16:23:50 ----D---- C:\WINDOWS\AppPatch
2008-11-15 16:23:50 ----D---- C:\WINDOWS\addins
2008-11-15 16:23:50 ----D---- C:\WINDOWS
2008-11-15 05:59:10 ----D---- C:\Documents and Settings\user\Application Data\Identities
2008-11-15 05:59:08 ----HD---- C:\Program Files\Uninstall Information
2008-11-15 05:59:01 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-11-15 05:59:01 ----ASH---- C:\Documents and Settings\user\Application Data\desktop.ini
2008-11-15 05:46:55 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-15 05:46:52 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-15 05:46:52 ----D---- C:\WINDOWS\Prefetch
2008-11-15 05:46:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-15 05:43:05 ----D---- C:\WINDOWS\system32\xircom
2008-11-15 05:43:05 ----D---- C:\Program Files\xerox
2008-11-15 05:43:05 ----D---- C:\Program Files\microsoft frontpage
2008-11-15 05:42:43 ----A---- C:\WINDOWS\control.ini
2008-11-15 05:42:43 ----A---- C:\AUTOEXEC.BAT
2008-11-15 05:42:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-15 05:42:28 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-15 05:41:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-15 05:41:30 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-15 05:41:30 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-15 05:41:24 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-15 05:41:19 ----HD---- C:\Program Files\WindowsUpdate
2008-11-15 05:41:00 ----D---- C:\WINDOWS\system32\DirectX
2008-11-15 05:40:46 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-15 05:40:44 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-15 05:40:44 ----A---- C:\WINDOWS\desktop.ini
2008-11-15 05:40:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-15 05:40:39 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-15 05:40:38 ----D---- C:\Program Files\Common Files\Services
2008-11-15 05:40:36 ----SD---- C:\WINDOWS\Tasks
2008-11-15 05:40:36 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-15 05:40:36 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-15 05:40:33 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 05:40:33 ----D---- C:\WINDOWS\srchasst
2008-11-15 05:40:31 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-15 05:40:31 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-15 05:40:30 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-15 05:40:29 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-15 05:40:29 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-15 05:40:29 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-15 05:40:29 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-15 05:40:27 ----D---- C:\Program Files\Movie Maker
2008-11-15 05:40:24 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-15 05:40:24 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-15 05:40:24 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-15 05:40:24 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-15 05:40:21 ----D---- C:\WINDOWS\system32\Restore
2008-11-15 05:40:21 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-15 05:40:21 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-15 05:40:21 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-15 05:40:21 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-15 05:40:21 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-15 05:40:20 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-15 05:40:18 ----D---- C:\Program Files\NetMeeting
2008-11-15 05:40:18 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-15 05:40:18 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-15 05:40:17 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-15 05:40:17 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-15 05:40:16 ----D---- C:\Program Files\Outlook Express
2008-11-15 05:40:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-15 05:40:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-15 05:40:16 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-15 05:40:15 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-15 05:40:15 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-15 05:40:15 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-15 05:40:15 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-15 05:40:11 ----D---- C:\Program Files\Internet Explorer
2008-11-15 05:40:11 ----D---- C:\Program Files\Common Files\System
2008-11-15 05:39:33 ----D---- C:\Program Files\ComPlus Applications
2008-11-15 05:39:31 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-15 05:39:31 ----A---- C:\WINDOWS\vb.ini
2008-11-15 05:39:27 ----D---- C:\WINDOWS\Registration
2008-11-15 05:39:19 ----D---- C:\Program Files\Online Services
2008-11-15 05:39:18 ----D---- C:\Program Files\Windows Media Player
2008-11-15 05:39:11 ----D---- C:\Program Files\Messenger
2008-11-15 05:39:08 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-15 05:39:08 ----A---- C:\WINDOWS\system32\write.exe
2008-11-15 05:39:02 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-15 05:39:02 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-15 05:39:02 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-15 05:39:02 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-15 05:39:02 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-15 05:39:01 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-15 05:38:57 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-15 05:38:57 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-15 05:38:56 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-15 05:38:55 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-15 05:38:54 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-15 05:38:53 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-15 05:38:50 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-15 05:38:43 ----D---- C:\Program Files\MSN
2008-11-15 05:38:42 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-15 05:38:42 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-15 05:38:42 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-15 05:38:42 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-15 05:38:41 ----D---- C:\Program Files\Windows NT
2008-11-15 05:38:41 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-15 05:38:41 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-15 05:38:41 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-15 05:38:40 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-15 05:38:39 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-15 05:38:39 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-15 05:38:38 ----D---- C:\WINDOWS\system32\Com
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-15 05:38:38 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-15 05:38:37 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-15 05:38:37 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-15 05:38:37 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-15 05:38:33 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-15 05:38:33 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-15 05:38:32 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-15 05:38:32 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 3 months======

2008-11-17 01:28:43 ----A---- C:\WINDOWS\win.ini
2008-11-15 16:28:58 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-11-17 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-11-17 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-11-17 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-11-17 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-11-17 21104]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-17 386688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-11-17 108368]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-02-16 172416]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-11-17 144696]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-11-17 255216]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-11-17 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-11-17 185584]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-19 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


The Malwarebyte's Antimalware log:

Malwarebytes' Anti-Malware 1.30
Database version: 1424
Windows 5.1.2600 Service Pack 2

27/11/2008 2:51:38 AM
mbam-log-2008-11-27 (02-51-38).txt

Scan type: Quick Scan
Objects scanned: 44423
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d35ae6cd-f70a-4315-8600-0bc2fba04273}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d35ae6cd-f70a-4315-8600-0bc2fba04273}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d35ae6cd-f70a-4315-8600-0bc2fba04273}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.145 85.255.112.182 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thanks a lot. I really appreciate your help.
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 26th, 2008, 9:40 pm

Hi omar273,

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
Code: Select all
@echo off
ipconfig /all >> results.txt 2>>&1
nslookup google.com >> results.txt 2>>&1
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /s  >> results.txt 2>>&1
dir C:\???? >> results.txt 2>>&1
del %0

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop (right-click, select Extract All... and follow the prompts)
  • Disconnect from the internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say OK
  • If there is no warning, then check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Please do not use your computer during the scan
  • Once the scan is complete, click the Copy button
  • Open Notepad (Click Start->Run, type notepad and Enter) and hit Ctrl+V to paste the log and then save the log to your desktop

------------------------------------------------------------------------

Once complete, please post the results.txt output, the Gmer report and a new HijackThis log.
Also, please confirm whether you are currently experiencing the original symptoms or not.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 26th, 2008, 10:36 pm

Thanks for your help.

results.txt output:



Windows IP Configuration



Host Name . . . . . . . . . . . . : owner

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NETGEAR WG311v2 802.11g Wireless PCI Adapter #2

Physical Address. . . . . . . . . : 00-09-5B-E3-CA-3D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 85.255.112.145

85.255.112.182

Lease Obtained. . . . . . . . . . : Thursday, 27 November 2008 8:56:26 AM

Lease Expires . . . . . . . . . . : Friday, 28 November 2008 7:53:59 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-0B-6A-EC-52-7C

*** Can't find server name for address 85.255.112.145: Timed out

*** Can't find server name for address 85.255.112.182: Timed out

*** Default servers are not available

Non-authoritative answer:

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 85.255.112.145

Name: google.com
Addresses: 72.14.205.100, 74.125.45.100, 209.85.171.100


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
NV Hostname REG_SZ owner
DataBasePath REG_EXPAND_SZ %SystemRoot%\System32\drivers\etc
NameServer REG_SZ
ForwardBroadcasts REG_DWORD 0x0
IPEnableRouter REG_DWORD 0x0
Domain REG_SZ
Hostname REG_SZ owner
SearchList REG_SZ
UseDomainNameDevolution REG_DWORD 0x1
EnableICMPRedirect REG_DWORD 0x1
DeadGWDetectDefault REG_DWORD 0x1
DontAddDefaultGatewayDefault REG_DWORD 0x0
EnableSecurityFilters REG_DWORD 0x0
TcpWindowSize REG_SZ 40320
DhcpNameServer REG_SZ 85.255.112.145 85.255.112.182

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp
LLInterface REG_SZ WANARP
IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{319E9630-01DE-4BE4-BE88-7407B95F045D}\0Tcpip\Parameters\Interfaces\{2770679A-C7C8-46CF-8B77-D48E2F46780D}\0\0
NumInterfaces REG_DWORD 0x2
IpInterfaces REG_BINARY 30969E31DE01E44BBE887407B95F045D9A677027C8C7CF468B77D48E2F46780D

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{82880593-F897-4C4F-8374-03AB8A512BC5}
LLInterface REG_SZ
IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{82880593-F897-4C4F-8374-03AB8A512BC5}\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A3647B40-9C06-415F-AFC7-4391752E73B3}
LLInterface REG_SZ
IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{A3647B40-9C06-415F-AFC7-4391752E73B3}\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D35AE6CD-F70A-4315-8600-0BC2FBA04273}
LLInterface REG_SZ
IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{D35AE6CD-F70A-4315-8600-0BC2FBA04273}\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2770679A-C7C8-46CF-8B77-D48E2F46780D}
UseZeroBroadcast REG_DWORD 0x0
EnableDHCP REG_DWORD 0x0
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
EnableDeadGWDetect REG_DWORD 0x1
DontAddDefaultGateway REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{319E9630-01DE-4BE4-BE88-7407B95F045D}
UseZeroBroadcast REG_DWORD 0x0
EnableDHCP REG_DWORD 0x0
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
EnableDeadGWDetect REG_DWORD 0x1
DontAddDefaultGateway REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82880593-F897-4C4F-8374-03AB8A512BC5}
UseZeroBroadcast REG_DWORD 0x0
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
DefaultGatewayMetric REG_MULTI_SZ \0
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
TCPAllowedPorts REG_MULTI_SZ 0\0\0
UDPAllowedPorts REG_MULTI_SZ 0\0\0
RawIPAllowedProtocols REG_MULTI_SZ 0\0\0
NTEContextList REG_MULTI_SZ 0x00000003\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A3647B40-9C06-415F-AFC7-4391752E73B3}
UseZeroBroadcast REG_DWORD 0x0
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
DefaultGatewayMetric REG_MULTI_SZ \0
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
TCPAllowedPorts REG_MULTI_SZ 0\0\0
UDPAllowedPorts REG_MULTI_SZ 0\0\0
RawIPAllowedProtocols REG_MULTI_SZ 0\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D35AE6CD-F70A-4315-8600-0BC2FBA04273}
UseZeroBroadcast REG_DWORD 0x0
EnableDeadGWDetect REG_DWORD 0x1
EnableDHCP REG_DWORD 0x1
IPAddress REG_MULTI_SZ 0.0.0.0\0\0
SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
DefaultGateway REG_MULTI_SZ \0
DefaultGatewayMetric REG_MULTI_SZ \0
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x0
TCPAllowedPorts REG_MULTI_SZ 0\0\0
UDPAllowedPorts REG_MULTI_SZ 0\0\0
RawIPAllowedProtocols REG_MULTI_SZ 0\0\0
NTEContextList REG_MULTI_SZ 0x00000002\0\0
DhcpClassIdBin REG_BINARY
DhcpServer REG_SZ 192.168.1.1
Lease REG_DWORD 0x142dd
LeaseObtainedTime REG_DWORD 0x492dc60a
T1 REG_DWORD 0x492e6778
T2 REG_DWORD 0x492ed879
LeaseTerminatesTime REG_DWORD 0x492f08e7
IPAutoconfigurationAddress REG_SZ 0.0.0.0
IPAutoconfigurationMask REG_SZ 255.255.0.0
IPAutoconfigurationSeed REG_DWORD 0x0
AddressType REG_DWORD 0x0
DhcpIPAddress REG_SZ 192.168.1.3
DhcpSubnetMask REG_SZ 255.255.255.0
DhcpRetryTime REG_DWORD 0xa16e
DhcpRetryStatus REG_DWORD 0x0
DhcpNameServer REG_SZ 85.255.112.145 85.255.112.182
DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock
UseDelayedAcceptance REG_DWORD 0x0
HelperDllName REG_EXPAND_SZ %SystemRoot%\System32\wshtcpip.dll
MaxSockAddrLength REG_DWORD 0x10
MinSockAddrLength REG_DWORD 0x10
Mapping REG_BINARY 0B00000003000000020000000100000006000000020000000100000000000000020000000000000006000000000000000000000006000000000000000100000006000000020000000200000011000000020000000200000000000000020000000000000011000000000000000000000011000000000000000200000011000000020000000300000000000000
Volume in drive C has no label.
Volume Serial Number is 3454-3A2B

Directory of C:\

27/11/2008 02:36 AM <DIR> rsit
17/11/2008 01:23 PM <DIR> ????
0 File(s) 0 bytes
2 Dir(s) 12,252,708,864 bytes free


GMER Report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-27 13:32:06
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00B30910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00B2FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00B30910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00B30910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00B2FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00B30560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00B2FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00B30740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00B30910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00B30560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00B301B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00B2FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00B30910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00B2FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00B2FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00B2FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [00B2FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\RunDll32.exe[812] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00B2F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00BEFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00BEFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00BEFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00BF0740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00BEFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00BF0910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [00BEFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [00BEFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00BF01B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00BEFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [00BEFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1036] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00BEF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01940910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0193FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01940910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01940910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0193FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [01940560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0193FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01940740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01940910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [01940560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0193FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01940910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0193FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [01940380] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [019401B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0193FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0193FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [0193FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1292] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0193F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00990560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0098FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00990740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00990560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [009901B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0098FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00990910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0098FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [0098FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0098F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010380] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00E00910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00DFFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00E00910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00E00910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00DFFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00E00560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00DFFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00E00740] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00E00910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00E00560] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00DFFB40] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00E00910] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00E00380] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00DFFD90] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E001B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00DFFFE0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [00DFFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00DFF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.14 ----


New Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:17 PM, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\gmer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5165 bytes



Thank you
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 26th, 2008, 10:53 pm

Hi Omar,

We need to change the DNS server addresses on your wireless router, are you familiar with the process of logging into and configuring this?

I can create instructions for you but to do this I will need the make and model number of the router.

Also, please use Windows Explorer (right-click Start, select Explore) to navigate to your C:\ folder. There is a subfolder there which is named with special, non-English language characters. Did you create this folder?
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 26th, 2008, 11:24 pm

Thank you again.

I apologise for not being familiar with the process of logging into and configuring the DNS server addresses on my wireless router.

The make and model of my router is:

Netgear 54 Mbps Wireless Router WGR614v5


Also, I did not create the subfolder with the non-english characters. They came with the computer. However, I am confident that there is no malware there.
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 26th, 2008, 11:42 pm

OK, please open a new browser window with this address:
http://www.routerlogin.net (if this doesn't work, try this link instead)

Enter admin for the username and password for the password

You should then be presented with a page entitled Basic Settings

Look for the section titled Domain Name Server (DNS) Address
If Get Automatically From ISP is selected, please stop, close the browser window and let me know.
If Use These DNS Servers is selected, please continue as follows:
  • Write down the addresses which are currently entered into the boxes
  • Replace those addresses with the following:
    208.67.222.222
    208.67.220.220
  • Leave all the other settings alone and press Apply
  • You may need to wait for the router to reboot and reconnect before continuing
  • If there is a problem accessing the internet after this procedure, please reverse the process by replacing the DNS Server addresses with the ones you wrote down

------------------------------------------------------------------------

After completing the above and confirming you have a connection to the internet:
Press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c ipconfig /all >> "%userprofile%\desktop\ipconfig.txt"


------------------------------------------------------------------------

Once complete, please let me know how you got on with the instructions, post the ipconfig.txt and a new HijackThis log.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 27th, 2008, 10:35 am

ipconfig.txt:



Windows IP Configuration



Host Name . . . . . . . . . . . . : owner

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NETGEAR WG311v2 802.11g Wireless PCI Adapter #2

Physical Address. . . . . . . . . : 00-09-5B-E3-CA-3D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

Lease Obtained. . . . . . . . . . : Friday, 28 November 2008 1:28:50 AM

Lease Expires . . . . . . . . . . : Saturday, 29 November 2008 1:28:50 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-0B-6A-EC-52-7C


hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:19 AM, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5184 bytes


Thanks.
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 27th, 2008, 7:59 pm

Hi Omar,

That looks good, how is your machine running now - are you still experiencing the symptoms?
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby omar273 » November 28th, 2008, 4:18 am

The symptoms are gone. Thank you.

Is my computer completely clear of the trojan?
omar273
Active Member
 
Posts: 6
Joined: November 23rd, 2008, 9:57 am

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 28th, 2008, 5:54 am

Hi,

I think this particular machine is clean, and also that it's likely the problems with the other machines were caused by the malicious DNS settings in the router. However, there are some very important final steps to perform:

The reason your router was hijacked is because the default password was left in place, please create a new password for it as follows:

OK, please open a new browser window with this address:
http://www.routerlogin.net (if this doesn't work, try this link instead)

Enter admin for the username and password for the password

From the Main Menu, under the Maintenance heading, select Set password
Next to Old password, enter password
Then, next to New password, create and enter a new password for the router, then enter it again next to Repeat new password
Press Apply to make the change. Also, please write the password down somewhere so you are able to access the router in the future should it be necessary.

------------------------------------------------------------------------

Please now delete rsit.exe, DNSCheck.exe, gmer.exe and any remaining logs from your Desktop, also delete this folder:
C:\rsit


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

If the above went well then I think your machine is clean of malware :) here are some tips to help you keep it that way:

You have a good antivirus program installed, however I recommend you install antispyware software with real-time capabilities - this means it protects you from system changes and spyware while you are working, not just removing malware after it has been installed. There are a range of paid-for and free packages available, a free one I can recommend is Windows Defender, available here:
http://www.microsoft.com/athome/securit ... fault.mspx

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Zlob DNSChanger Vimax Ads HELP!

Unread postby silver » November 30th, 2008, 8:56 pm

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware