TechSpot

Search Redirect Virus Help Needed

By amg123
Oct 17, 2010
  1. Hi, it looks like I have the search redirect virus (affecting all search sites I visit), and have tried MBAM, SuperAntiSpyware, and McAfee AntiVirus -- none have helped.
    MBAM made it go away for a few hours, but it came back.

    Below are the logs from MBAM and DDS. The GMER log is too big to fit into one post and too big for one attachment, so I am following up with the GMER log split into two attachments in the next post.

    Thanks in advance!


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/16/2010 4:03:31 PM
    mbam-log-2010-10-16 (16-03-31).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 211320
    Time elapsed: 1 hour(s), 25 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> No action taken.



    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Andre at 8:58:55.59 on Sun 10/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.385 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Andre\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [Google Update] "c:\documents and settings\andre\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-100000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} - hxxps://remote.lw.com/TSWebCtl.CAB
    DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} - hxxps://remote.lw.com/v3rdpchk.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Filter: text/html - {26e86495-885c-4534-af34-09236e637dfa} -
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-10-13 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-10-13 144704]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-1-18 9161]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-10-13 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-13 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-13 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-10-13 40552]
    RUnknown SASDIFSV;SASDIFSV; [x]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-1-18 114016]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-10-13 34248]

    =============== Created Last 30 ================

    2010-10-16 19:23:15 -------- d-----w- c:\docume~1\andre\applic~1\Malwarebytes
    2010-10-16 19:18:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 19:18:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 19:18:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-16 19:18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-14 17:40:58 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-14 17:40:57 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 17:40:57 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 17:40:44 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-14 00:33:41 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-14 00:33:41 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2010-10-14 00:33:41 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-14 00:33:28 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-10-14 00:31:57 -------- d-----w- c:\program files\common files\McAfee
    2010-10-14 00:31:53 -------- d-----w- c:\program files\McAfee.com
    2010-10-14 00:31:18 -------- d-----w- c:\program files\McAfee
    2010-10-14 00:30:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2010-10-13 04:40:23 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\Scansoft
    2010-10-13 03:37:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-12 01:29:43 -------- d-----w- C:\QUARANTINE
    2010-10-11 17:19:47 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE
    2010-10-11 17:19:47 45056 ----a-w- c:\windows\system32\BRSS01A.EXE
    2010-10-11 17:15:30 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
    2010-10-11 17:15:30 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
    2010-10-11 17:15:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
    2010-10-11 17:15:30 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
    2010-10-11 17:15:30 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
    2010-10-11 17:15:29 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
    2010-10-11 17:15:29 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
    2010-10-08 22:34:45 -------- d-----r- c:\docume~1\andre\applic~1\Brother
    2010-10-08 22:12:19 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
    2010-10-08 22:12:19 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
    2010-10-08 22:09:59 131072 ----a-w- c:\windows\brunin03.dll
    2010-10-08 22:09:59 -------- d-----w- c:\program files\Brother
    2010-10-08 22:06:07 -------- d-----w- c:\program files\Nuance
    2010-10-08 22:03:01 -------- d-----w- c:\program files\common files\ScanSoft Shared
    2010-10-08 22:02:40 -------- d-----w- c:\program files\ScanSoft
    2010-10-08 22:00:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Brother
    2010-10-01 22:33:52 -------- d-----w- c:\docume~1\andre\applic~1\Jaran Nilsen
    2010-10-01 22:33:38 -------- d-----w- c:\program files\iTunes Agent

    ==================== Find3M ====================

    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-14 18:35:39 5798 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-10 10:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 10:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-07-27 23:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 23:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-27 23:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 9:00:40.42 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/18/2006 6:40:27 PM
    System Uptime: 10/17/2010 8:46:24 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0KD882
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1595/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 4.773 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 12.47 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 10/12/2010 11:40:17 PM - System Checkpoint
    RP2: 10/13/2010 7:28:45 PM - Removed McAfee VirusScan Enterprise
    RP3: 10/14/2010 8:02:16 PM - System Checkpoint
    RP4: 10/14/2010 9:48:24 PM - Software Distribution Service 3.0
    RP5: 10/16/2010 9:50:46 PM - System Checkpoint

    ==== Installed Programs ======================

    3300 Software Uninstall
    ABBYY FineReader 6.0 Sprint
    Adobe Acrobat 7.0 Standard
    Adobe Acrobat 7.1.0 Standard
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.8
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATT-PRT22
    Bonjour
    Broadcom Management Programs
    Brother BRAdmin Light 1.12
    Brother Driver Deployment Wizard
    Brother MFL-Pro Suite
    CA Pest Patrol Realtime Protection
    Citrix ICA Client
    Citrix ICA Client ( Accessories )
    Citrix XenApp Plugin for Hosted Apps
    Comcast Desktop Software (v1.2.0.9)
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar 3.0
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Paint Shop Pro Photo XI
    Corel WordPerfect Office - iFilter
    Dell Digital Jukebox Driver
    Dell Support 3.1
    Dell System Restore
    Dell Wireless WLAN Card
    DellConnect
    Desktop Doctor
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    Drivers Install For Linksys Easylink Advisor
    EarthLink setup files
    EducateU
    ELIcon
    ESPNMotion
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Google Chrome
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Imation Disk Manager V a Service
    Intel(R) Graphics Media Accelerator Driver
    Internet Dialer
    Internet Service Offers Launcher
    iTunes
    iTunes Agent 1.3.3
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Juniper Terminal Services Client
    Learn2 Player (Uninstall Only)
    Linksys EasyLink Advisor 1.6 (0032)
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NetWaiting
    NetZeroInstallers
    Nortel Networks Contivity VPN Client
    Otto
    PaperPort Image Printer
    PowerDVD 5.7
    QuickSet
    QuickTime
    RealPlayer Basic
    ScanSoft PaperPort 11
    ScrewDrivers Client v3
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    v3 RDP Only Web Push (nstl chk)
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WinAVI Video Converter
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WordPerfect Office 2002 Professional
    WordPerfect Office X3

    ==== Event Viewer Messages From Past Week ========

    10/16/2010 8:04:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:27 PM, error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:26 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:26 PM, error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:26 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 8:04:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 1:44:54 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f7a380b4, parameter3 f7a37db0, parameter4 85f50852.
    10/11/2010 7:59:27 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/11/2010 12:11:25 PM, error: Print [6161] - The document Microsoft Word - New wireless key.doc owned by Andre failed to print on printer Brother MFC-7840W Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BUBBLE. Win32 error code returned by the print processor: 123 (0x7b).
    10/11/2010 12:11:05 PM, error: Print [6161] - The document Microsoft Word - Quebec.doc owned by Andre failed to print on printer Brother MFC-7840W Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BUBBLE. Win32 error code returned by the print processor: 123 (0x7b).
    10/11/2010 10:38:21 AM, error: Print [6161] - The document Microsoft Word - New wireless key.doc owned by Andre failed to print on printer Brother MFC-7840W Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 7752. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BUBBLE. Win32 error code returned by the print processor: 123 (0x7b).
    10/11/2010 1:37:59 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    10/11/2010 1:23:12 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 1:06:36 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

    ==== End Of File ===========================
     
  2. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    The GMER Logs are attached

    It was too big for one attachment so I split it into two.
     


  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your MBAM log says "No action taken" after each line.
    Please, re-run it, FIX all issues and post new log.

    ==========================================================================

    If you need to split some log(s) into more than 2 replies, please do so.
    It'll save me some time, so I don't have to do it for you.

    =========================================================================

    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-17 11:58:58
    Windows 5.1.2600 Service Pack 3
    Running: 3zxt5rnq.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\pwtdqpoc.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B485CB

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[400] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00FDFFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [00FDFA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00FDFFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00FDFFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [00FDFA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[856] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  5. Broni

    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010380] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1004] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  6. Broni


    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010380] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1304] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\winlogon.exe[1668] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  8. Broni

    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FD90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010740] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010560] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100101B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FB40] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010910] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [1000FA00] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FFE0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\dllhost.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \FileSystem\Fastfat \Fat A8AB9D20
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Now, post correct MBAM log.
     
  10. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    New MBAM Log

    Thanks for your help. The new MBAM log is below.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/17/2010 8:26:02 PM
    mbam-log-2010-10-17 (20-26-02).txt

    Scan type: Quick scan
    Objects scanned: 138355
    Time elapsed: 18 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  12. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    MBRCheck Log - Thanks!

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 154):

    Processes (total 80):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`53198a00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541060G9SA00, Rev: MB3OC60R

    Size Device Name MBR Status
    --------------------------------------------
    54 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  14. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    New MBRCheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 148):
    0xAA334000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF79DD000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF778D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7ADD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7B45000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D14000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B47000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79F5000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF79FD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A05000 \SystemRoot\System32\drivers\vga.sys
    0xF7B49000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B4B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7895000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF790D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7AE5000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA052000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9FF9000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9FD2000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xA9FAC000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF779D000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xA9F84000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9F62000 \SystemRoot\System32\drivers\afd.sys
    0xF77AD000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA9F37000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9EC7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA9E94000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF77CD000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF77DD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF77ED000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF7AA1000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xF783D000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA9DB4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B57000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA304000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78D5000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C3F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9E4C000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7BD7000 \SystemRoot\system32\dla\tfsndres.sys
    0xA9C5E000 \SystemRoot\system32\dla\tfsnifs.sys
    0xA9D88000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7B79000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF78E5000 \SystemRoot\system32\dla\tfsnboio.sys
    0xA9E3C000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7C23000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA9C1D000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA9C04000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xF78FD000 \SystemRoot\system32\DRIVERS\elagopro.sys
    0xA9C56000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA99A7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7B17000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xF7B23000 \SystemRoot\system32\DRIVERS\elaunidr.sys
    0xA97AE000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA9706000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA9546000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA8EF9000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA93DE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF78AD000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA87D9000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xA85D1000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 79):
    0 System Idle Process
    4 System
    1608 C:\WINDOWS\system32\smss.exe
    1660 csrss.exe
    1684 C:\WINDOWS\system32\winlogon.exe
    1736 C:\WINDOWS\system32\services.exe
    1748 C:\WINDOWS\system32\lsass.exe
    1952 C:\WINDOWS\system32\svchost.exe
    2000 svchost.exe
    316 C:\WINDOWS\system32\svchost.exe
    568 svchost.exe
    888 svchost.exe
    1064 C:\WINDOWS\system32\WLTRYSVC.EXE
    1084 C:\WINDOWS\system32\BCMWLTRY.EXE
    1228 C:\WINDOWS\system32\BRSVC01A.EXE
    1260 C:\WINDOWS\system32\BRSS01A.EXE
    1256 C:\WINDOWS\system32\spoolsv.exe
    1324 svchost.exe
    1372 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    1408 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1436 C:\Program Files\Bonjour\mDNSResponder.exe
    1452 C:\WINDOWS\ehome\ehrecvr.exe
    1496 C:\WINDOWS\ehome\ehSched.exe
    252 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    304 C:\Program Files\Common Files\Motive\McciCMService.exe
    456 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    500 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    696 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    740 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    944 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1016 C:\Program Files\McAfee\MPF\MpfSrv.exe
    1464 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    1568 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    1632 C:\WINDOWS\system32\PSIService.exe
    1824 locator.exe
    1960 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    2120 svchost.exe
    2236 C:\WINDOWS\system32\svchost.exe
    2412 C:\WINDOWS\system32\UStorSrv.exe
    2936 C:\WINDOWS\system32\wuauclt.exe
    2992 mcrdsvc.exe
    3028 C:\WINDOWS\explorer.exe
    548 C:\WINDOWS\system32\dllhost.exe
    3220 alg.exe
    3388 wmiprvse.exe
    3828 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    2780 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2872 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3620 C:\WINDOWS\stsystra.exe
    3616 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3884 C:\WINDOWS\system32\igfxpers.exe
    3020 C:\WINDOWS\system32\hkcmd.exe
    1740 C:\WINDOWS\ehome\ehtray.exe
    3108 C:\WINDOWS\system32\igfxsrvc.exe
    144 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    592 C:\WINDOWS\system32\dla\tfswctrl.exe
    980 C:\WINDOWS\system32\msiexec.exe
    2816 C:\Program Files\Dell\QuickSet\quickset.exe
    3428 C:\WINDOWS\system32\WLTRAY.EXE
    148 C:\WINDOWS\ehome\ehmsas.exe
    2676 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    3592 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    1792 C:\Program Files\iTunes\iTunesHelper.exe
    2668 C:\WINDOWS\system32\svchost.exe
    1076 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    4088 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    3784 C:\Program Files\NetWaiting\netwaiting.exe
    3024 C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    3996 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    2108 C:\WINDOWS\system32\ctfmon.exe
    2956 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2692 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    3516 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    556 C:\Program Files\Digital Line Detect\DLG.exe
    572 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    964 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    3796 C:\Program Files\iPod\bin\iPodService.exe
    1928 wmiprvse.exe
    3232 C:\Documents and Settings\Andre\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`53198a00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541060G9SA00, Rev: MB3OC60R

    Size Device Name MBR Status
    --------------------------------------------
    54 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    Combofix log

    ComboFix 10-10-18.03 - Andre 10/19/2010 6:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.377 [GMT -5:00]
    Running from: c:\documents and settings\Andre\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documents\Server\admin.txt
    c:\documents and settings\All Users\Documents\Server\server.dat
    c:\documents and settings\Andre\GoToAssistDownloadHelper.exe
    c:\program files\Shared

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-17 18:03 . 2010-02-17 21:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2010-10-17 18:03 . 2010-02-17 21:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-17 18:03 . 2010-02-17 21:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-17 18:03 . 2010-07-15 20:18 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-10-17 18:02 . 2010-10-17 18:03 -------- d-----w- c:\program files\Common Files\McAfee
    2010-10-17 18:01 . 2010-10-18 23:51 -------- d-----w- c:\program files\McAfee
    2010-10-17 18:00 . 2010-02-17 21:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2010-10-16 19:23 . 2010-10-16 19:23 -------- d-----w- c:\documents and settings\Andre\Application Data\Malwarebytes
    2010-10-16 19:18 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 19:18 . 2010-10-16 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-16 19:18 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 19:18 . 2010-10-16 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-14 17:40 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-14 17:40 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 17:40 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 17:40 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 04:40 . 2010-10-13 04:40 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\Scansoft
    2010-10-13 03:37 . 2010-10-13 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-12 01:29 . 2010-10-12 01:29 -------- d-----w- C:\QUARANTINE
    2010-10-11 17:19 . 2002-04-12 05:00 57344 ----a-w- c:\windows\system32\BRSVC01A.EXE
    2010-10-11 17:19 . 2001-12-13 05:01 45056 ----a-w- c:\windows\system32\BRSS01A.EXE
    2010-10-11 17:15 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2010-10-11 17:15 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2010-10-11 17:15 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2010-10-11 17:15 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2010-10-11 17:15 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2010-10-11 17:15 . 2010-10-11 17:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2010-10-11 17:15 . 2010-10-11 17:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2010-10-08 22:34 . 2010-10-08 22:34 -------- d-----r- c:\documents and settings\Andre\Application Data\Brother
    2010-10-08 22:12 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
    2010-10-08 22:12 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
    2010-10-08 22:09 . 2010-10-11 17:15 -------- d-----w- c:\program files\Brother
    2010-10-08 22:09 . 2007-02-15 18:54 131072 ----a-w- c:\windows\brunin03.dll
    2010-10-08 22:09 . 2010-10-08 22:09 -------- d-----w- c:\documents and settings\Andre\Application Data\InstallShield
    2010-10-08 22:06 . 2010-10-08 22:06 -------- d-----w- c:\program files\Nuance
    2010-10-08 22:03 . 2010-10-08 22:03 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2010-10-08 22:02 . 2010-10-08 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2010-10-08 22:02 . 2010-10-08 22:02 -------- d-----w- c:\program files\ScanSoft
    2010-10-08 22:00 . 2010-10-08 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
    2010-10-01 22:33 . 2010-10-01 22:33 -------- d-----w- c:\documents and settings\Andre\Application Data\Jaran Nilsen
    2010-10-01 22:33 . 2010-10-01 22:33 -------- d-----w- c:\program files\iTunes Agent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "Google Update"="c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-06 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2006-9-18 25214]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-11 24576]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Nortel Networks\\Extranet.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\Andre\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=
    "c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "54925:UDP"= 54925:UDP:Brother Network Scanner

    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [1/18/2008 11:26 AM 9161]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:58 PM 135664]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [1/18/2008 11:26 AM 114016]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:58]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:58]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006Core.job
    - c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-16 13:46]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006UA.job
    - c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-16 13:46]

    2010-10-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-17 17:22]

    2010-10-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-17 17:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} - hxxps://remote.lw.com/TSWebCtl.CAB
    DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
    AddRemove-Imation Disk Manager V a Service - c:\docume~1\Andre\LOCALS~1\Temp\Imation Disk Manager V a.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb


    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1680)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll

    - - - - - - - > 'explorer.exe'(3696)
    c:\windows\system32\WININET.dll
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\CA\PPRT\bin\ITMRTSVC.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\locator.exe
    c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    c:\windows\system32\UStorSrv.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\msiexec.exe
    c:\windows\stsystra.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\program files\Brother\Brmfcmon\BrMfimon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-19 07:09:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-19 12:09

    Pre-Run: 4,880,134,144 bytes free
    Post-Run: 4,998,705,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 28ED2675F7FE650283BA320791E62AB2
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    That looks much better :)


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    OTL Log Part 1

    OTL logfile created on: 10/19/2010 6:19:37 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Andre\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 27.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 4.67 Gb Free Space | 12.53% Space Free | Partition Type: NTFS
    Drive D: | 12.54 Gb Total Space | 12.47 Gb Free Space | 99.44% Space Free | Partition Type: NTFS

    Computer Name: BUBBLE | User Name: Andre | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    PRC - [2009/02/10 11:03:16 | 000,745,472 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/31 14:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    PRC - [2007/11/09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    PRC - [2007/07/14 11:29:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
    PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
    PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
    MOD - [2006/04/06 14:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2005/12/13 16:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
    SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
    SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andre\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/09/11 23:57:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/11/02 12:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2002/05/01 00:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2002/05/01 00:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2002/04/22 15:50:14 | 000,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



    O1 HOSTS File: ([2010/10/19 07:02:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} https://remote.lw.com/TSWebCtl.CAB (TSWebCtl.UCTSWeb)
    O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} https://remote.lw.com/v3rdpchk.cab (v3 silent install)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://www1.snapfish.com/SnapfishActivia3.cab (Snapfish Activia3)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MSACM.CTRXAUD - ctrxaud.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: VIDC.CTRX - ctrxvid.drv File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 90 Days ==========

    File not found -- C:\Documents and Settings\Andre\Desktop\ComboFix.exe
    [2010/10/19 18:18:09 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    [2010/10/19 06:50:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/19 06:46:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/19 06:46:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/19 06:46:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/19 06:46:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/19 06:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/19 06:46:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/18 20:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\NTBR_CD
    [2010/10/17 13:03:49 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
    [2010/10/17 13:03:49 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/10/17 13:03:48 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/10/17 13:03:42 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/10/17 13:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2010/10/17 13:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010/10/17 13:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2010/10/17 13:00:32 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
    [2010/10/16 14:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Malwarebytes
    [2010/10/16 14:18:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 14:18:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 14:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/16 14:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 13:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\Comcast
    [2010/10/16 13:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\Travel
    [2010/10/12 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\Scansoft
    [2010/10/12 23:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/12 22:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/11 20:29:43 | 000,000,000 | ---D | C] -- C:\QUARANTINE
    [2010/10/11 17:10:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/11 12:19:47 | 000,057,344 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRSVC01A.EXE
    [2010/10/11 12:19:47 | 000,045,056 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRSS01A.EXE
    [2010/10/08 17:34:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andre\Application Data\Brother
    [2010/10/08 17:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
    [2010/10/08 17:10:34 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
    [2010/10/08 17:10:12 | 000,094,208 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
    [2010/10/08 17:10:12 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
    [2010/10/08 17:10:12 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
    [2010/10/08 17:10:10 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
    [2010/10/08 17:10:05 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
    [2010/10/08 17:10:05 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
    [2010/10/08 17:10:05 | 000,041,472 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
    [2010/10/08 17:10:03 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
    [2010/10/08 17:10:03 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
    [2010/10/08 17:10:03 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
    [2010/10/08 17:10:03 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
    [2010/10/08 17:10:03 | 000,000,000 | ---D | C] -- C:\Brother
    [2010/10/08 17:10:00 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
    [2010/10/08 17:10:00 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05a.dll
    [2010/10/08 17:10:00 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
    [2010/10/08 17:10:00 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
    [2010/10/08 17:09:59 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
    [2010/10/08 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
    [2010/10/08 17:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\InstallShield
    [2010/10/08 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
    [2010/10/08 17:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
    [2010/10/08 17:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
    [2010/10/08 17:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/10/08 17:02:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/10/08 17:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
    [2010/10/01 17:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Jaran Nilsen
    [2010/10/01 17:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
    [2010/09/10 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\support.com
    [2010/09/05 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/05 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/05 22:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/09/05 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/09/05 22:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Mozilla
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\eMusic
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\eMusic
    [2010/09/05 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
    [2010/09/05 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
    [2010/09/04 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Systweak
    [2010/07/30 11:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\My Documents\Downloads
    [2010/07/30 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/07/30 09:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
    [2010/07/30 09:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\CallingID
    [2010/07/30 09:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
    [2010/07/30 09:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA
    [2010/07/30 09:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\comcasttb
    [2010/07/30 09:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
    [2010/07/30 09:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\SupportSoft
    [2010/07/30 09:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
    [2010/07/30 09:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI

    ========== Files - Modified Within 90 Days ==========

    [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    [2010/10/19 18:05:00 | 000,007,343 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/10/19 07:06:48 | 000,464,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/19 07:06:48 | 000,081,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/19 07:04:12 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/10/19 07:02:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/19 07:02:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/19 07:02:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/19 07:01:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/19 07:01:48 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/19 06:50:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/10/18 21:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006UA.job
    [2010/10/18 20:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/18 20:55:10 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\NTBR_CD.exe
    [2010/10/18 20:01:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006Core.job
    [2010/10/18 19:12:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\MBRCheck.exe
    [2010/10/17 19:31:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/17 13:07:28 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/10/17 13:02:49 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/10/17 13:02:48 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/10/16 20:41:06 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\dds.scr
    [2010/10/16 20:40:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\3zxt5rnq.exe
    [2010/10/16 20:17:26 | 000,088,850 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2010/10/16 16:54:45 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Google Chrome.lnk
    [2010/10/16 16:54:45 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 14:18:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 13:12:49 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 22:00:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 17:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 22:04:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/11 12:19:48 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\brsvc01a.bsi
    [2010/10/11 12:19:48 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\brss01a.ini
    [2010/10/11 12:19:47 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7840w.dat
    [2010/10/08 17:16:24 | 000,004,267 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
    [2010/10/08 17:12:44 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/10/08 17:12:06 | 000,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/10/08 17:12:06 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
    [2010/10/08 17:12:06 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
    [2010/10/04 19:57:44 | 001,068,203 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\sf2809.pdf
    [2010/09/14 13:35:39 | 000,005,798 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/09/12 14:22:03 | 000,061,876 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/10 17:45:09 | 000,001,097 | ---- | M] () -- C:\net_save.dna
    [2010/09/06 07:14:53 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Meenu Will.doc
    [2010/09/06 07:13:44 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Mon Will.doc
    [2010/08/11 19:25:05 | 002,002,478 | ---- | M] () -- C:\WINDOWS\iis6.BAK

    ========== Files Created - No Company Name ==========

    [2010/10/19 06:50:36 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/10/19 06:50:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/19 06:46:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/19 06:46:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/19 06:46:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/19 06:46:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/19 06:46:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/18 20:55:05 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\NTBR_CD.exe
    [2010/10/18 19:12:05 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\MBRCheck.exe
    [2010/10/17 13:07:42 | 000,007,343 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
    [2010/10/17 13:07:28 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/10/17 13:02:49 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/10/17 13:02:48 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/10/16 20:41:33 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\dds.scr
    [2010/10/16 20:40:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\3zxt5rnq.exe
    [2010/10/16 20:17:26 | 000,088,850 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2010/10/16 16:54:45 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\Google Chrome.lnk
    [2010/10/16 16:54:45 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 16:51:25 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006UA.job
    [2010/10/16 16:51:25 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006Core.job
    [2010/10/16 14:18:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/11 12:19:48 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\brsvc01a.bsi
    [2010/10/11 12:19:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2010/10/08 17:12:44 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2010/10/08 17:12:06 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/10/08 17:12:06 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2010/10/08 17:12:06 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7840w.dat
    [2010/10/08 17:10:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
    [2010/10/08 17:10:03 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2010/10/08 17:10:02 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
    [2010/10/08 17:10:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2010/10/08 17:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2010/10/08 17:10:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2010/10/08 17:05:17 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2010/10/04 19:57:42 | 001,068,203 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\sf2809.pdf
    [2010/09/12 14:22:03 | 000,061,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/10 17:45:09 | 000,001,097 | ---- | C] () -- C:\net_save.dna
    [2010/09/05 22:17:01 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/11 14:43:49 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/18 10:50:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\PFP100JPR.{PB
    [2009/11/18 10:50:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\PFP100JCM.{PB
    [2008/05/11 22:05:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2008/05/10 09:51:29 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2008/05/10 09:51:29 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\80936C0B21.sys
    [2008/01/18 12:25:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
    [2007/05/13 21:45:31 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-
     
  19. amg123

    OTL Part 2

    OTL Part 1 of 2

    OTL logfile created on: 10/19/2010 6:19:37 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Andre\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 27.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 4.67 Gb Free Space | 12.53% Space Free | Partition Type: NTFS
    Drive D: | 12.54 Gb Total Space | 12.47 Gb Free Space | 99.44% Space Free | Partition Type: NTFS

    Computer Name: BUBBLE | User Name: Andre | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    PRC - [2009/02/10 11:03:16 | 000,745,472 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/31 14:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    PRC - [2007/11/09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    PRC - [2007/07/14 11:29:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
    PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
    PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
    MOD - [2006/04/06 14:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2005/12/13 16:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
    SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
    SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andre\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/09/11 23:57:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/11/02 12:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2002/05/01 00:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2002/05/01 00:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2002/04/22 15:50:14 | 000,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060912

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



    O1 HOSTS File: ([2010/10/19 07:02:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} https://remote.lw.com/TSWebCtl.CAB (TSWebCtl.UCTSWeb)
    O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} https://remote.lw.com/v3rdpchk.cab (v3 silent install)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://www1.snapfish.com/SnapfishActivia3.cab (Snapfish Activia3)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MSACM.CTRXAUD - ctrxaud.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: VIDC.CTRX - ctrxvid.drv File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 90 Days ==========

    File not found -- C:\Documents and Settings\Andre\Desktop\ComboFix.exe
    [2010/10/19 18:18:09 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    [2010/10/19 06:50:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/19 06:46:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/19 06:46:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/19 06:46:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/19 06:46:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/19 06:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/19 06:46:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/18 20:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\NTBR_CD
    [2010/10/17 13:03:49 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
    [2010/10/17 13:03:49 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/10/17 13:03:48 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/10/17 13:03:42 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/10/17 13:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2010/10/17 13:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010/10/17 13:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2010/10/17 13:00:32 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
    [2010/10/16 14:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Malwarebytes
    [2010/10/16 14:18:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 14:18:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 14:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/16 14:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 13:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\Comcast
    [2010/10/16 13:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Desktop\Travel
    [2010/10/12 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\Scansoft
    [2010/10/12 23:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/12 22:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/11 20:29:43 | 000,000,000 | ---D | C] -- C:\QUARANTINE
    [2010/10/11 17:10:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/11 12:19:47 | 000,057,344 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRSVC01A.EXE
    [2010/10/11 12:19:47 | 000,045,056 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRSS01A.EXE
    [2010/10/08 17:34:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andre\Application Data\Brother
    [2010/10/08 17:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
    [2010/10/08 17:10:34 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
    [2010/10/08 17:10:12 | 000,094,208 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
    [2010/10/08 17:10:12 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
    [2010/10/08 17:10:12 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
    [2010/10/08 17:10:10 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
    [2010/10/08 17:10:05 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
    [2010/10/08 17:10:05 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
    [2010/10/08 17:10:05 | 000,041,472 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
    [2010/10/08 17:10:03 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
    [2010/10/08 17:10:03 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
    [2010/10/08 17:10:03 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
    [2010/10/08 17:10:03 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
    [2010/10/08 17:10:03 | 000,000,000 | ---D | C] -- C:\Brother
    [2010/10/08 17:10:00 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
    [2010/10/08 17:10:00 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05a.dll
    [2010/10/08 17:10:00 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
    [2010/10/08 17:10:00 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
    [2010/10/08 17:09:59 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
    [2010/10/08 17:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
    [2010/10/08 17:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\InstallShield
    [2010/10/08 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
    [2010/10/08 17:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
    [2010/10/08 17:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
    [2010/10/08 17:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/10/08 17:02:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/10/08 17:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
    [2010/10/01 17:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Jaran Nilsen
    [2010/10/01 17:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
    [2010/09/10 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\support.com
    [2010/09/05 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/05 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/05 22:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/09/05 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/09/05 22:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Mozilla
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\eMusic
    [2010/09/05 21:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\eMusic
    [2010/09/05 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
    [2010/09/05 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
    [2010/09/04 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Systweak
    [2010/07/30 11:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\My Documents\Downloads
    [2010/07/30 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/07/30 09:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
    [2010/07/30 09:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\CallingID
    [2010/07/30 09:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
    [2010/07/30 09:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA
    [2010/07/30 09:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\comcasttb
    [2010/07/30 09:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
    [2010/07/30 09:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\SupportSoft
    [2010/07/30 09:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
    [2010/07/30 09:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI

    ========== Files - Modified Within 90 Days ==========
     
  20. amg123

    OTL Part 2

    OTL Part 2 of 2



    [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
    [2010/10/19 18:05:00 | 000,007,343 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/10/19 07:06:48 | 000,464,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/19 07:06:48 | 000,081,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/19 07:04:12 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/10/19 07:02:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/19 07:02:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/19 07:02:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/19 07:01:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/19 07:01:48 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/19 06:50:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/10/18 21:01:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006UA.job
    [2010/10/18 20:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/18 20:55:10 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\NTBR_CD.exe
    [2010/10/18 20:01:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006Core.job
    [2010/10/18 19:12:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\MBRCheck.exe
    [2010/10/17 19:31:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/17 13:07:28 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/10/17 13:02:49 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/10/17 13:02:48 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/10/16 20:41:06 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\dds.scr
    [2010/10/16 20:40:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\3zxt5rnq.exe
    [2010/10/16 20:17:26 | 000,088,850 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2010/10/16 16:54:45 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Google Chrome.lnk
    [2010/10/16 16:54:45 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 14:18:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 13:12:49 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/14 22:00:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 17:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/12 22:04:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/11 12:19:48 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\brsvc01a.bsi
    [2010/10/11 12:19:48 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\brss01a.ini
    [2010/10/11 12:19:47 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7840w.dat
    [2010/10/08 17:16:24 | 000,004,267 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
    [2010/10/08 17:12:44 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/10/08 17:12:06 | 000,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/10/08 17:12:06 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
    [2010/10/08 17:12:06 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
    [2010/10/04 19:57:44 | 001,068,203 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\sf2809.pdf
    [2010/09/14 13:35:39 | 000,005,798 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/09/12 14:22:03 | 000,061,876 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/10 17:45:09 | 000,001,097 | ---- | M] () -- C:\net_save.dna
    [2010/09/06 07:14:53 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Meenu Will.doc
    [2010/09/06 07:13:44 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Mon Will.doc
    [2010/08/11 19:25:05 | 002,002,478 | ---- | M] () -- C:\WINDOWS\iis6.BAK

    ========== Files Created - No Company Name ==========

    [2010/10/19 06:50:36 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/10/19 06:50:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/19 06:46:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/19 06:46:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/19 06:46:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/19 06:46:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/19 06:46:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/18 20:55:05 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\NTBR_CD.exe
    [2010/10/18 19:12:05 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\MBRCheck.exe
    [2010/10/17 13:07:42 | 000,007,343 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
    [2010/10/17 13:07:28 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/10/17 13:02:49 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/10/17 13:02:48 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/10/16 20:41:33 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\dds.scr
    [2010/10/16 20:40:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\3zxt5rnq.exe
    [2010/10/16 20:17:26 | 000,088,850 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\Malware Preliminary Removal Instructions - TechSpot OpenBoards.pdf
    [2010/10/16 16:54:45 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\Google Chrome.lnk
    [2010/10/16 16:54:45 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/16 16:51:25 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006UA.job
    [2010/10/16 16:51:25 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960889908-3448697875-2486020462-1006Core.job
    [2010/10/16 14:18:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/11 12:19:48 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\brsvc01a.bsi
    [2010/10/11 12:19:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2010/10/08 17:12:44 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2010/10/08 17:12:06 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2010/10/08 17:12:06 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2010/10/08 17:12:06 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7840w.dat
    [2010/10/08 17:10:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
    [2010/10/08 17:10:03 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2010/10/08 17:10:02 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
    [2010/10/08 17:10:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2010/10/08 17:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2010/10/08 17:10:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2010/10/08 17:05:17 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2010/10/04 19:57:42 | 001,068,203 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\sf2809.pdf
    [2010/09/12 14:22:03 | 000,061,876 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/10 17:45:09 | 000,001,097 | ---- | C] () -- C:\net_save.dna
    [2010/09/05 22:17:01 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/11 14:43:49 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/18 10:50:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\PFP100JPR.{PB
    [2009/11/18 10:50:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\PFP100JCM.{PB
    [2008/05/11 22:05:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2008/05/10 09:51:29 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2008/05/10 09:51:29 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\80936C0B21.sys
    [2008/01/18 12:25:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
    [2007/05/13 21:45:31 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/06 00:35:52 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/10/07 12:23:42 | 000,005,798 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/10/07 12:23:42 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3DF8CD3E3D.sys
    [2006/10/05 20:04:07 | 000,000,113 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2006/09/23 07:57:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/18 18:41:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\fusioncache.dat
    [2006/09/12 00:20:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/09/12 00:11:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/12 00:00:54 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/09/11 23:57:47 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/09/11 23:53:48 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2006/09/11 23:24:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/09/11 23:23:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/09/11 23:23:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/09/11 23:22:21 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/05/24 19:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/06/14 19:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2010/10/08 17:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/07/30 09:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/09/05 22:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
    [2006/09/11 23:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/05 22:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/30 10:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\CallingID
    [2010/07/30 09:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\comcasttb
    [2010/09/13 12:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\eMusic
    [2008/01/18 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\ICAClient
    [2010/10/01 17:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Jaran Nilsen
    [2010/06/14 20:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Juniper Networks
    [2006/12/29 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Snapfish
    [2010/09/05 22:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Systweak
    [2007/10/14 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Viewpoint
    [2010/04/11 15:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\WinAVI
    [2010/10/17 13:02:49 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/10/17 13:02:48 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/01/28 21:47:37 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/10/19 06:50:36 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/19 07:09:18 | 000,018,007 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/18 12:25:12 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/01/13 20:11:35 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
    [2006/09/11 23:30:38 | 000,006,587 | RH-- | M] () -- C:\dell.sdr
    [2010/10/08 17:16:19 | 000,051,104 | ---- | M] () -- C:\dlcc.log
    [2010/10/08 17:16:20 | 000,703,959 | ---- | M] () -- C:\dlccscan.log
    [2010/10/19 07:01:48 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
    [2006/09/23 08:28:15 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/09/11 23:57:33 | 000,000,827 | -H-- | M] () -- C:\IPH.PH
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2010/09/10 17:45:09 | 000,001,097 | ---- | M] () -- C:\net_save.dna
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/01/18 22:07:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2009/10/04 14:14:37 | 000,004,120 | -H-- | M] () -- C:\os651826.bin
    [2010/10/19 07:01:46 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2006/09/11 23:57:43 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2010/10/16 13:33:27 | 000,052,594 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_16.10.2010_13.29.16_log.txt
    [2009/04/21 11:18:34 | 000,000,028 | ---- | M] () -- C:\WFCNAME.INI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/06/09 11:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
    [2009/01/18 22:15:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/09/18 18:41:23 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/16 20:40:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\3zxt5rnq.exe
    [2010/10/18 19:12:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\MBRCheck.exe
    [2010/10/18 20:55:10 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\NTBR_CD.exe
    [2010/10/19 18:18:11 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/09/18 18:41:22 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Andre\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/06/04 20:46:30 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Andre\Cookies\desktop.ini
    [2010/10/19 18:16:30 | 001,146,880 | ---- | M] () -- C:\Documents and Settings\Andre\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 05:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  21. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    Extras Log

    OTL Extras logfile created on: 10/19/2010 6:19:37 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Andre\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 27.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 4.67 Gb Free Space | 12.53% Space Free | Partition Type: NTFS
    Drive D: | 12.54 Gb Total Space | 12.47 Gb Free Space | 99.44% Space Free | Partition Type: NTFS

    Computer Name: BUBBLE | User Name: Andre | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
    "C:\Documents and Settings\Andre\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Andre\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Brother\Brmfl07b\FAXRX.exe" = C:\Program Files\Brother\Brmfl07b\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)
    "C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe" = C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light -- (Brother Industries, Ltd.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
    "{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
    "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{CF21CDC3-DA17-4724-AC3B-27A51F1B5AC8}" = Internet Dialer
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.12
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    "{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
    "{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
    "{F73E7B59-F951-11D4-884D-00902761A46D}" = WordPerfect Office 2002 Professional
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Accessories" = Citrix ICA Client ( Accessories )
    "Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATT-PRT22" = ATT-PRT22
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Citrix ICA Client" = Citrix ICA Client
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "comcasttb" = Comcast Toolbar 3.0
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell_ENA" = 3300 Software Uninstall
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "GTRemote Client" = DellConnect
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee SecurityCenter
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "RealPlayer 6.0" = RealPlayer Basic
    "ScrewDrivers Client v3" = ScrewDrivers Client v3
    "SearchAssist" = SearchAssist
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "v3 RDP Only Web Push (nstl chk)" = v3 RDP Only Web Push (nstl chk)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "iTunes Agent 1.3.3" = iTunes Agent 1.3.3
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/19/2010 7:35:32 AM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 31580078

    Error - 10/19/2010 8:45:39 AM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2010 8:45:39 AM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15578

    Error - 10/19/2010 8:45:39 AM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15578

    Error - 10/19/2010 7:04:20 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2010 7:04:20 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37136797

    Error - 10/19/2010 7:04:20 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 37136797

    Error - 10/19/2010 7:04:36 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2010 7:04:36 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37152500

    Error - 10/19/2010 7:04:36 PM | Computer Name = BUBBLE | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 37152500

    [ System Events ]
    Error - 10/16/2010 9:04:26 PM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/16/2010 9:04:26 PM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7034
    Description = The Comcast AntiSpyware service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/16/2010 9:04:27 PM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/16/2010 9:04:27 PM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7034
    Description = The CA Pest Patrol Realtime Protection Service service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/16/2010 9:04:27 PM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7034
    Description = The McciCMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/18/2010 7:51:35 PM | Computer Name = BUBBLE | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 10/18/2010 7:51:35 PM | Computer Name = BUBBLE | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 10/19/2010 7:45:56 AM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 10/19/2010 7:52:41 AM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/19/2010 8:08:09 AM | Computer Name = BUBBLE | Source = Service Control Manager | ID = 7016
    Description = The BrSplService service has reported an invalid current state 0.


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You didn't say how the redirections are.
     
  23. amg123

    amg123 TS Rookie Topic Starter Posts: 18

    Redirects

    Whoops. Overlooked that one. I ran a few searches and they worked out fine without any redirects. Does that mean it's dead?!
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    That's good news :)

    I still need to review your OTL logs and we'll go from there.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're running low on C drive free space:
    =========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2008/05/10 09:51:29 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\80936C0B21.sys
      [2006/09/11 23:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/10/14 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
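
Before pasting a custom fix like the one in post 25 into OTL, it helps to see every file, folder, registry value and command it names in one list. The following is an added example, not part of the original post and not OTL's own code; `review_fix` and its labels are hypothetical, and reading `=-` as "delete this value" is an assumption taken from .reg file syntax.

```python
import re

# The fix script as posted above, embedded so the example runs offline.
FIX_SCRIPT = r''':OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2008/05/10 09:51:29 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\80936C0B21.sys
[2006/09/11 23:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/14 18:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Viewpoint
:Services
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]'''

# OTL log line for a file or folder: [date time | size | attributes | C/M] ... -- path
FILE_LINE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [CM]\].*? -- (?P<path>.+)$')
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

def review_fix(script):
    """Return (section, kind, target) for every directive in an OTL fix script."""
    items, section, reg_key = [], None, None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(':'):                      # section header such as :Reg
            section, reg_key = line[1:].lower(), None
        elif section == 'otl':                        # lines copied from the OTL log
            if m := FILE_LINE.match(line):
                kind = 'folder' if 'D' in m['attrs'] else 'file'
                items.append(('otl', f"{kind} [{m['attrs']}]", m['path']))
            else:
                items.append(('otl', 'log entry', line))
        elif section == 'reg' and line.startswith('['):
            reg_key = line.strip('[]')                # key the following values belong to
        elif section == 'reg' and (m := REG_VALUE.match(line)):
            kind = 'delete value' if m['data'] == '-' else 'set value'
            items.append(('reg', kind, f"{reg_key}\\{m['name']}"))
        elif section == 'commands':
            items.append(('commands', 'command', line.strip('[]').lower()))
        else:                                         # anything the parser does not know
            items.append((section, 'unrecognised', line))
    return items

if __name__ == '__main__':
    print(*review_fix(FIX_SCRIPT), sep='\n')
```

Anything reported as `unrecognised`, or a target outside what the helper discussed in the thread, is worth asking about before clicking Run Fix.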
     
Topic Status:
Not open for further replies.
