Inactive Mom's PC Infected by MalWare

Discussion in 'Malware and Virus Removal Archive' started by Michael7, 2010/04/22.

Thread Status:
Not open for further replies.
  1. 2010/04/22
    Michael7 Inactive Thread Starter

    Hi everyone!

    I hope I'm okay in posting this and that I'm in the right place! If not, I am really sorry!

    This morning my mom told me that her computer was having some problems and had all sorts of popups saying it was infected and it wasn't letting her do anything. She asked if I could look at it when I had the chance. Well I finally got around to looking at her computer and instantly saw the problem.

    She's been infected with malware that fakes a spyware/virus removal software. It instantly pops up the moment she logs on, saying the computer is infected and all that stuff. It also blocks Internet Explorer, saying that every site I go to is a security risk and all that stuff. It wouldn't let me go to any website at all. So I couldn't go that route when I tried getting at least a free scan of her PC to find the file and go from there. Come to find out, she also doesn't have ANY virus protection or anything like that, as far as I could find, except for AOL protection, which is blocked and useless by this infection.

    Thankfully I had months before, installed Firefox onto the computer and was able to get to SOME websites through it. However, any website that posed a threat to this infection, immediately caused the browser to crash. So this malware program is pretty much completely blocking all threats to it. I tried going to the system configuration (this is Windows XP she's running, by the way), and it too was blocked and crashed. Control panel, blocked and crashed. Command Prompt, blocked and crashed. ANYTHING that could possibly be used to at least stall this thing, seemed to be inaccessible. I did manage to get to the files through right-clicking on the start menu and clicking "explore." But I don't know how much good I can do from that.

    I searched and found others had similar problems with this same attack. However, they had to download this and that thing and produce logs to help solve it. I'm sure I'll have to do the same. My problem is . . . how can I do that on her computer, when just about any internet access that seems to be a threat to this threat, is blocked? Can I download it from mine and put it on a CD? (I don't want to use any portable drives, and risk infection with as bad as it seems on her computer. She accidentally made it worse I think by clicking some of its links this morning, thinking it was an actual virus protection program.)

    But can anyone help guide me through this? I'm honestly at a loss as to how to get rid of this thing. I'm really shocked she doesn't have any real protection . . . and am thinking it's to the point where she should save whatever she absolutely needs, and we'll wipe the whole thing clean. But she has tons of programs on it, so . . . that's a last resort :(

    I truly appreciate any and all help with this! I apologize too, for being long-winded. Thank you in advance for any and all help with this! :)
     
  2. 2010/04/22
    broni Moderator Malware Analyst
    Read this post, then post the requested log(s).
     

  4. 2010/04/22
    Michael7 Inactive Thread Starter
    Hi Broni!

    Thanks for the link. I went ahead and tried to do just that. However, when put onto her computer, it still does not let me even run the DDS to generate the log, since it goes through the command prompt apparently and . . . well, as I mentioned above, it still ends up exiting out of the command prompt the moment it's accessed. This malware isn't allowing anything that would offer some help to get rid of it. Is there a way to bypass any of this?

    I managed to save it to her desktop, but when clicking on it, the command prompt tries to open but immediately shuts down and the malware of course says that cmd.exe is infected and wants to try to get me to click to protect the PC and all that stuff :(
     
  5. 2010/04/22
    broni Moderator Malware Analyst
    Let's see if we can look at your computer booting from an external source.

    You will need a USB flash drive to move information from the bad computer to a working computer.

    You need to download two programs.

    First

    ISO Burner: this will allow you to burn the REATOGO-X-PE ISO to a CD and make it bootable. Just install the program; from there on it's fairly automatic (Instructions)

    Second

    • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 270.3 MB in size so it may take some time to download.
    • When downloaded double click and this will then open ISOBurner to burn the file to CD
    • Reboot your system (Non working computer) using the boot CD you just created.
      • Note. If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box Automatically Load All Remaining Users is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Registry to All
      • Under Custom Scan box paste this in:

        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        mv61xx.sys
        userinit.exe
        explorer.exe
        /md5stop
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.
     
  6. 2010/04/26
    Michael7 Inactive Thread Starter
    Thank you SO much for the continued help. I'm sorry it's taken so long to get back with you on this, I finally managed to snag the time to get this done. Here's the contents of the OTL file:

    OTL logfile created on: 4/26/2010 2:18:52 PM - Run
    OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 698.00 Mb Available Physical Memory | 73.00% Memory free
    858.00 Mb Paging File | 750.00 Mb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.48 Gb Total Space | 2.10 Gb Free Space | 5.93% Space Free | Partition Type: NTFS
    Drive D: | 117.19 Gb Total Space | 116.40 Gb Free Space | 99.33% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 120.25 Mb Total Space | 120.19 Mb Free Space | 99.96% Space Free | Partition Type: FAT32
    Drive G: | 3.75 Gb Total Space | 3.75 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/09/29 11:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/12/18 06:25:12 | 029,181,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
    SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/02/10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2007/01/25 17:35:01 | 000,022,608 | ---- | M] (AOL LLC) [Auto] -- C:\Program Files\Common Files\AOL\1142462297\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe -- (aolavupd)
    SRV - [2007/01/03 00:46:54 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2006/12/19 15:45:16 | 000,280,080 | ---- | M] (CA, Inc.) [Auto] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2006/12/11 01:29:24 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2006/02/23 13:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2005/10/14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2005/09/30 21:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2003/09/12 16:40:26 | 001,208,320 | ---- | M] (PowerQuest Corporation) [Auto] -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- (V2i Protector)
    SRV - [2002/11/25 10:12:32 | 000,049,152 | ---- | M] (GEAR Software) [Auto] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


    ========== Driver Services (All) ==========

    DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled] -- -- (ultra)
    DRV - File not found [Kernel | Disabled] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled] -- -- (symc810)
    DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
    DRV - File not found [Kernel | Disabled] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled] -- -- (i2omp)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled] -- -- (hpn)
    DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
    DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
    DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled] -- -- (asc3550)
    DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled] -- -- (asc)
    DRV - File not found [Kernel | Disabled] -- -- (amsint)
    DRV - File not found [Kernel | Disabled] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
    DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
    DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
    DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
    DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
    DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
    DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
    DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
    DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
    DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
    DRV - [2008/04/13 14:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx)
    DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
    DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
    DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2007/03/08 18:47:00 | 000,012,032 | ---- | M] (SerComm) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
    DRV - [2007/03/08 18:46:50 | 000,039,424 | ---- | M] (SerComm) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
    DRV - [2007/03/08 18:46:42 | 000,012,672 | ---- | M] (SerComm) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETGEARUCOMP.sys -- (NETGEARUCOMP)
    DRV - [2007/02/23 00:29:52 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2006/12/03 10:32:53 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
    DRV - [2006/12/03 10:32:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
    DRV - [2006/12/03 10:32:36 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
    DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
    DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
    DRV - [2005/09/06 08:31:50 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
    DRV - [2005/06/09 06:30:52 | 000,227,712 | R--- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
    DRV - [2005/02/01 04:39:04 | 000,176,128 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2004/12/30 17:28:54 | 000,026,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2004/12/16 15:36:30 | 000,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
    DRV - [2003/09/12 16:48:10 | 000,046,810 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\PQIMount.sys -- (PQIMount)
    DRV - [2003/09/12 16:19:44 | 000,132,899 | ---- | M] (StorageCraft) [File_System | Boot] -- C:\WINDOWS\system32\drivers\PQV2i.sys -- (PQV2i)
    DRV - [2003/04/15 18:52:20 | 000,009,632 | ---- | M] (GEAR Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
    DRV - [2003/03/31 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
    DRV - [2003/03/31 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2003/03/31 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2003/03/31 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2003/03/31 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2003/03/31 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2003/03/31 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2003/03/31 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2003/03/31 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2003/03/31 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2003/03/31 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2003/03/31 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2003/03/31 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
    DRV - [2003/03/31 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2003/03/31 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
    DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
    DRV - [2003/03/31 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
    DRV - [2003/03/31 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 08:13:08 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://god180.com/
    IE - HKU\Michael_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\Michael_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=0EgWN99BqEVuUIur1f1LZA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\ReveNEspoir_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\ReveNEspoir_ON_C\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    IE - HKU\ReveNEspoir_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\ReveNEspoir_ON_C\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch "
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=0EgWN99BqEVuUIur1f1LZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/05 12:57:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/06 04:04:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/13 19:41:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 11:01:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/21 07:12:06 | 000,000,000 | ---D | M]

    [2009/02/13 18:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\Mozilla\Firefox\Profiles\02zztej9.default\extensions
    [2009/06/02 18:59:17 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\Mozilla\Firefox\Profiles\02zztej9.default\searchplugins\mywebsearch.xml
    [2010/04/22 18:08:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/05 12:55:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/07/18 20:25:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/03/10 15:22:08 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
    [2009/02/13 19:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    [2010/02/27 07:24:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2009/07/18 20:24:48 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/07/18 20:24:48 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/10/11 06:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2009/07/07 17:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    [2009/07/07 17:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    [2009/06/01 14:15:01 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    [2009/07/18 20:24:57 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    [2010/04/03 19:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2008/11/05 12:56:54 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    [2007/05/11 19:41:27 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2007/05/11 19:41:27 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2007/05/11 19:41:27 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2007/05/11 19:41:27 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2007/05/11 19:41:28 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2007/05/11 19:41:28 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2008/11/05 12:57:05 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    [2008/11/05 12:56:47 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    [2009/07/18 20:25:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/07/18 20:25:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/07/18 20:25:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/07/18 20:25:02 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/07/18 20:25:02 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/07/18 20:25:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/07/18 20:25:02 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
    O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - Reg Error: Value error. File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
    O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKLM..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [jbyflcch] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe ()
    O4 - HKLM..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    O4 - HKLM..\Run: [sscRun] C:\Program Files\Common Files\AOL\1142462297\EE\sscRun.exe (AOL LLC)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [jbyflcch] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe ()
    O4 - HKU\.DEFAULT..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\Kent.REVE-N-ESPOIR_ON_C..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    O4 - HKU\Kent.REVE-N-ESPOIR_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\Kent.REVE-N-ESPOIR_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\Kent.REVE-N-ESPOIR_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Kent.REVE-N-ESPOIR_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - HKU\Michael_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\Michael_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\ReveNEspoir_ON_C..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKU\ReveNEspoir_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\ReveNEspoir_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKU\ReveNEspoir_ON_C..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe File not found
    O4 - HKU\ReveNEspoir_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\ReveNEspoir_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Multimedia Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\SystemProc\lsass.exe (Microsoft Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Value error. File not found
     
  7. 2010/04/26
    Michael7

    Here's the second part

    O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Value error. File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/no...-4/PopularScreenSaversInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} https://eformrs.com/RSLoginModule.cab (CLRMachineInfoCtl Class)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
    O16 - DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB (CLaunchPrint Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl ") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/15 15:58:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/04/22 07:04:34 | 000,110,592 | ---- | M] (Microsoft Inc.) - C:\autoexec.exe -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/15 19:51:07 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/22 07:04:32 | 000,110,592 | ---- | C] (Microsoft Inc.) -- C:\autoexec.exe
    [2010/04/21 08:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg
    [2010/04/09 10:57:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\SystemProc
    [2010/04/09 10:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\AOL Toolbar
    [2010/03/30 14:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/03/30 08:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/03/30 08:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/03/29 07:14:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/03/29 07:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/03/29 07:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\ReveNEspoir\My Documents\*.tmp files -> C:\Documents and Settings\ReveNEspoir\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/04/22 18:22:00 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/04/22 18:22:00 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/04/22 18:21:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/22 18:21:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/22 18:19:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE9C1704-2B61-4C30-B115-A8BCC521AB94}.job
    [2010/04/22 18:17:19 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\ntuser.dat
    [2010/04/22 18:17:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ReveNEspoir\ntuser.ini
    [2010/04/22 18:17:11 | 019,089,992 | -H-- | M] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\IconCache.db
    [2010/04/22 17:58:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\Desktop\dds(2).scr
    [2010/04/22 17:52:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/22 17:52:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/22 17:21:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\Desktop\dds.scr
    [2010/04/22 14:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/22 07:07:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\ntuser.ini
    [2010/04/22 07:07:09 | 009,734,534 | -H-- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\IconCache.db
    [2010/04/22 07:04:54 | 000,061,184 | ---- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\syssvc.exe
    [2010/04/22 07:04:34 | 000,110,592 | ---- | M] (Microsoft Inc.) -- C:\autoexec.exe
    [2010/04/22 07:04:27 | 000,000,024 | ---- | M] () -- C:\WINDOWS\herjek.config
    [2010/04/22 06:49:30 | 000,061,184 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\syssvc.exe
    [2010/04/22 06:49:30 | 000,061,184 | ---- | M] () -- C:\WINDOWS\asam.exe
    [2010/04/21 07:24:52 | 000,000,184 | ---- | M] () -- C:\WINDOWS\ImportClient.INI
    [2010/04/21 07:05:43 | 000,001,092 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\35KNma140
    [2010/04/21 07:05:42 | 000,208,384 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
    [2010/04/16 10:50:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/15 07:42:04 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/15 07:37:40 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010/04/14 14:27:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/09 11:03:37 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\ntuser.dat
    [2010/04/09 10:55:00 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\housecall.guid.cache
    [2010/04/09 10:02:18 | 000,187,904 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\My Documents\Vir7remover_2014-1_b8.exe
    [2010/04/07 06:53:12 | 000,042,224 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\My Documents\10 things credit card issuers don.docx
    [2010/04/05 11:25:43 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/01 12:56:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/03/31 11:57:14 | 048,575,030 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\My Documents\K_1 Curriculum.pdf
    [2010/03/31 11:54:05 | 104,632,070 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\My Documents\2nd_3rd Curriculum.pdf
    [2010/03/31 11:45:38 | 002,890,247 | ---- | M] () -- C:\Documents and Settings\ReveNEspoir\My Documents\Adapted_Curriculum.pdf
    [2010/03/30 08:31:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\ReveNEspoir\My Documents\*.tmp files -> C:\Documents and Settings\ReveNEspoir\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/22 17:58:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Desktop\dds(2).scr
    [2010/04/22 17:53:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Desktop\dds.scr
    [2010/04/22 07:04:54 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\syssvc.exe
    [2010/04/22 07:04:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\herjek.config
    [2010/04/22 06:50:31 | 000,061,184 | ---- | C] () -- C:\WINDOWS\asam.exe
    [2010/04/22 06:49:30 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\syssvc.exe
    [2010/04/21 07:05:43 | 000,001,092 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\35KNma140
    [2010/04/21 07:05:42 | 000,208,384 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
    [2010/04/15 07:42:04 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/09 10:55:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\housecall.guid.cache
    [2010/04/09 10:02:17 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\My Documents\Vir7remover_2014-1_b8.exe
    [2010/04/07 06:53:11 | 000,042,224 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\My Documents\10 things credit card issuers don.docx
    [2010/03/31 11:57:12 | 048,575,030 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\My Documents\K_1 Curriculum.pdf
    [2010/03/31 11:53:55 | 104,632,070 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\My Documents\2nd_3rd Curriculum.pdf
    [2010/03/31 11:45:38 | 002,890,247 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\My Documents\Adapted_Curriculum.pdf
    [2010/03/30 08:31:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/30 08:31:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/26 13:39:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\housecall.guid.cache
    [2010/03/24 16:56:12 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
    [2010/03/24 16:54:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
    [2010/03/24 16:54:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [2010/02/05 20:30:30 | 000,203,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/12/14 13:26:19 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
    [2009/02/15 00:06:28 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Michael\ntuser.dat.LOG
    [2008/10/20 11:30:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gdi32a.ini
    [2008/08/07 18:52:29 | 020,870,511 | ---- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Scan0001.tif
    [2007/10/12 20:47:18 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
    [2007/10/12 20:47:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netctrl.ini
    [2007/05/01 17:41:28 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/05/01 17:41:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/12/12 19:16:30 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/10/17 07:50:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Application Data\dm.ini
    [2006/10/17 07:50:02 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Application Data\AdobeDLM.log
    [2006/09/19 14:01:48 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/08 15:18:27 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Michael\ntuser.ini
    [2006/08/08 15:18:25 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\Michael\ntuser.dat
    [2006/05/24 16:23:04 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/06 13:08:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/04/21 12:34:07 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2006/04/07 18:13:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2006/03/30 14:43:52 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
    [2006/03/15 22:16:15 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\default.pls
    [2006/03/15 21:55:44 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\ntuser.ini
    [2006/03/15 21:55:43 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\ntuser.dat
    [2006/03/15 21:55:43 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\NtUser.dat.LOG
    [2006/03/15 21:41:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/03/15 19:11:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\Local Settings\Application Data\FASTWiz.html
    [2006/03/15 18:55:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2006/03/15 18:55:22 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
    [2006/03/15 18:55:21 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
    [2006/03/15 18:55:20 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
    [2006/03/15 18:55:19 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
    [2006/03/15 18:55:18 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
    [2006/03/15 18:55:16 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
    [2006/03/15 18:55:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
    [2006/03/15 18:55:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2006/03/15 18:55:13 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2006/03/15 18:55:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2006/03/15 18:55:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2006/03/15 18:49:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
    [2006/03/15 18:49:35 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2006/03/15 18:49:32 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2006/03/15 18:23:57 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    [2006/03/15 18:23:57 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    [2006/03/15 16:48:36 | 000,010,831 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
    [2006/03/15 16:47:57 | 000,001,138 | ---- | C] () -- C:\WINDOWS\System32\MpEnum.ini
    [2006/03/15 16:47:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\MpNetIpc.ini
    [2006/03/15 16:40:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/03/15 16:10:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
    [2006/03/15 16:06:47 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\ReveNEspoir\ntuser.dat
    [2006/03/15 16:06:47 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\ReveNEspoir\ntuser.dat.LOG
    [2006/03/15 16:06:47 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ReveNEspoir\ntuser.ini
    [2006/03/15 16:05:10 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2006/03/15 16:05:10 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2006/03/15 16:05:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2006/03/15 16:05:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2006/03/15 16:05:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2006/03/15 16:05:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2004/09/17 19:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/07/28 00:44:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
    [2003/08/12 13:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2003/08/12 13:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2003/08/12 13:58:22 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2003/08/12 13:58:20 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2003/03/31 08:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
    [2003/03/09 23:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2000/09/08 19:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== LOP Check ==========

    [2010/03/22 09:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\alot
    [2009/08/14 09:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\Image Zone Express
    [2009/02/15 00:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\IObit
    [2006/12/12 18:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\iView
    [2009/08/14 09:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\Printer Info Cache
    [2010/04/09 10:57:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\SystemProc
    [2007/01/16 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\Viewpoint
    [2007/01/11 18:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Viewpoint
    [2008/02/05 15:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\acccore
    [2010/03/12 10:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\alot
    [2008/12/26 18:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/11/03 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Dealio
    [2010/02/24 14:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Image Zone Express
    [2010/04/09 10:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\IObit
    [2006/03/16 10:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\IsolatedStorage
    [2006/10/30 16:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\iView
    [2008/10/08 11:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Leadertech
    [2009/01/15 12:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Printer Info Cache
    [2006/03/15 19:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\School Zone Preferences
    [2006/03/15 16:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Simple Star
    [2006/03/15 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Snapfish
    [2010/03/27 08:55:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\SystemProc
    [2007/01/11 09:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReveNEspoir\Application Data\Viewpoint
    [2008/05/23 02:30:30 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1168270247.job
    [2009/12/21 00:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
    [2010/04/22 18:19:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE9C1704-2B61-4C30-B115-A8BCC521AB94}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2006/12/18 21:16:41 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2010/04/22 07:04:34 | 000,110,592 | ---- | M] (Microsoft Inc.) -- C:\autoexec.exe


    < MD5 for: AGP440.SYS >
    [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
    [2002/08/29 04:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\DRIVERS\ATAPI.SYS
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () MD5=E2F9367B25A492D039DF86B4860A2A8E -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 02:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2002/08/29 06:41:08 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\NETLOGON.DLL
    [2004/08/04 02:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2002/08/29 06:41:12 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\SCECLI.DLL
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: SYMMPI.SYS >
    [2002/06/06 18:36:56 | 000,030,720 | ---- | M] (LSI Logic) MD5=53CAC768E436790420D9F2420AE31438 -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\DRIVERS\ADDITIONAL_OEM\LSI_LOGIC_PCI_SCSI\SYMMPI.SYS
    [2002/08/14 14:41:14 | 000,030,848 | ---- | M] (LSI Logic) MD5=F32B8C39E5C54E765595C9C5B9B9AB9E -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\DRIVERS\SYMMPI.SYS

    < MD5 for: USERINIT.EXE >
    [2004/08/04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
    [2002/08/29 06:41:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\USERINIT.EXE

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2010/02/25 12:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/03/15 09:47:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/03/15 09:47:28 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/03/15 09:47:28 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  8. 2010/04/26
    broni

    broni Moderator Malware Analyst

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\Michael_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=0EgWN99BqEVuUIur1f1LZA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    IE - HKU\ReveNEspoir_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL File not found
    IE - HKU\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..browser.search.selectedEngine:  "MyWebSearch "
    FF - prefs.js..keyword.URL:  "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=0EgWN99BqEVuUIur1f1LZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= "
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/06/01 14:15:01 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Value error. File not found
    O3 - HKU\Kent.REVE-N-ESPOIR_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O3 - HKU\ReveNEspoir_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found
    O4 - HKLM..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKLM..\Run: [jbyflcch] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe ()
    O4 - HKU\.DEFAULT..\Run: [jbyflcch] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe ()
    O4 - HKU\ReveNEspoir_ON_C..\Run: [asam] C:\WINDOWS\asam.exe ()
    O4 - HKU\ReveNEspoir_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKU\ReveNEspoir_ON_C..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Value error. File not found 
    O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Value error. File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab  (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Value error.)
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    [2010/04/22 07:04:54 | 000,061,184 | ---- | M] () -- C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\syssvc.exe
    [2010/04/22 07:04:27 | 000,000,024 | ---- | M] () -- C:\WINDOWS\herjek.config
    [2010/04/22 06:49:30 | 000,061,184 | ---- | M] () -- C:\WINDOWS\asam.exe
    [2010/04/21 07:05:42 | 000,208,384 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
    [2010/04/16 10:50:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/15 07:42:04 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/03/24 16:56:12 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
    [2008/10/20 11:30:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gdi32a.ini
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows.
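
    The `:Files` line in the fix above replaces `C:\WINDOWS\system32\drivers\atapi.sys` with the `ServicePackFiles` copy, and the `< MD5 for: ... >` sections of the scan log are where those copies can be compared. The following is an added example, not part of the original posts and not OTL's own code: it parses log lines in that format and reports any file under `system32` whose MD5 differs from the cached copies that share its size and timestamp. The function names and the `LIVE_ROOT` constant are assumptions made for this sketch; the sample lines are copied from the scan log above.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, regardless of host OS

# Sample input: lines copied from the scan log above (not constructed values).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/02/13 18:42:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 04:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Documents and Settings\ReveNEspoir\Desktop\Software\Drive Image 7\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] () MD5=E2F9367B25A492D039DF86B4860A2A8E -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

# Assumption for this sketch: files under this root are the ones Windows loads.
LIVE_ROOT = "C:\\WINDOWS\\system32\\"

# [mtime | size | attrs | M] (company) MD5=<32 hex> -- path
ENTRY_RE = re.compile(
    r"^\s*\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)


def parse_otl_md5_lines(log_text):
    """Return one dict per line that carries an MD5; other lines are skipped
    (section headers, '.cab file' entries, 'Unable to obtain MD5' entries)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "mtime": m.group("mtime"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company").strip(),
            "md5": m.group("md5").upper(),
            "path": m.group("path"),
        })
    return entries


def find_mismatched_live_files(entries, live_root=LIVE_ROOT):
    """Flag files under live_root whose hash differs from every other copy
    of the same name that has the same size and modification time."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"]).lower()].append(e)

    findings = []
    for name, group in sorted(by_name.items()):
        live = [e for e in group if e["path"].lower().startswith(live_root.lower())]
        refs = [e for e in group if e not in live]
        for cur in live:
            # Only copies of the same build are a fair comparison: older
            # service-pack backups legitimately have other sizes and hashes.
            peers = [r for r in refs
                     if (r["size"], r["mtime"]) == (cur["size"], cur["mtime"])]
            expected = {r["md5"] for r in peers}
            if peers and cur["md5"] not in expected:
                findings.append({
                    "path": cur["path"],
                    "md5": cur["md5"],
                    "expected_md5": expected,
                    "reference_paths": [r["path"] for r in peers],
                    # Version-info company string absent here but present on peers.
                    "company_missing": not cur["company"]
                                       and any(r["company"] for r in peers),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatched_live_files(parse_otl_md5_lines(SAMPLE_LOG)):
        print("MISMATCH", f["path"])
        print("  live MD5     :", f["md5"])
        print("  expected MD5 :", ", ".join(sorted(f["expected_md5"])))
        print("  company field missing:", f["company_missing"])
        for ref in f["reference_paths"]:
            print("  reference    :", ref)
```

    A hit means only that the live file differs from the cached copies with the same size and timestamp; it does not say what changed it.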
     
  9. 2010/04/26
    Michael7

    Michael7 Inactive Thread Starter

    Awesome, thanks so much for your continued help in all this! It seems to have booted up all fine and everything. No malware or warnings (fake or real) popping up. I can use the browsers... go into command script (except when trying to close it, it said it couldn't close it and just had to end program?). Here's the log:
    ========== OTL ==========
    Registry value HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ deleted successfully.
    HKU\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_USERS\Michael_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
    HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
    HKU\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
    Registry value HKEY_USERS\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
    HKU\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
    Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=0EgWN99BqEVuUIur1f1LZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
    C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ deleted successfully.
    Registry value HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
    Registry value HKEY_USERS\Michael_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
    Registry value HKEY_USERS\ReveNEspoir_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
    C:\WINDOWS\asam.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jbyflcch deleted successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\jbyflcch deleted successfully.
    File C:\Documents and Settings\NetworkService\Local Settings\Application Data\xibhuqotg\pptmvbjtssd.exe not found.
    Registry value HKEY_USERS\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
    File C:\WINDOWS\asam.exe not found.
    Registry value HKEY_USERS\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
    Registry value HKEY_USERS\ReveNEspoir_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Norton SystemWorks deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
    Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Kent.REVE-N-ESPOIR_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Michael_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\ReveNEspoir_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
    File Protocol\Handler\ipp - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    C:\Documents and Settings\Kent.REVE-N-ESPOIR\Local Settings\Application Data\syssvc.exe moved successfully.
    C:\WINDOWS\herjek.config moved successfully.
    File C:\WINDOWS\asam.exe not found.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe moved successfully.
    C:\WINDOWS\imsins.BAK moved successfully.
    C:\WINDOWS\system32\MRT.INI moved successfully.
    C:\WINDOWS\system32\Mswrkdmk.dll moved successfully.
    C:\WINDOWS\gdi32a.ini moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Flash cache emptied: 35 bytes

    User: Cherry
    ->Temp folder emptied: 16361459 bytes
    ->Temporary Internet Files folder emptied: 55743713 bytes
    ->Java cache emptied: 2016914 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Kent
    ->Temporary Internet Files folder emptied: 217537 bytes
    ->Java cache emptied: 691849 bytes

    User: Kent.REVE-N-ESPOIR
    ->Temp folder emptied: 72666477 bytes
    ->Temporary Internet Files folder emptied: 3515786 bytes
    ->Java cache emptied: 12184198 bytes
    ->FireFox cache emptied: 13779893 bytes
    ->Flash cache emptied: 1027 bytes

    User: KENT~1~REV

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 9001791 bytes

    User: Michael
    ->Temp folder emptied: 420336 bytes
    ->Temporary Internet Files folder emptied: 955218652 bytes
    ->FireFox cache emptied: 3449913 bytes
    ->Flash cache emptied: 7930 bytes

    User: NetworkService
    ->Temp folder emptied: 1002848 bytes
    ->Temporary Internet Files folder emptied: 58311515 bytes
    ->Java cache emptied: 107 bytes
    ->Flash cache emptied: 20078 bytes

    User: ReveNEspoir
    ->Temp folder emptied: 1378842927 bytes
    ->Temporary Internet Files folder emptied: 71224280 bytes
    ->Java cache emptied: 15049686 bytes
    ->FireFox cache emptied: 43100278 bytes
    ->Flash cache emptied: 315971 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1099790 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111389480 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23913466 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 74297 bytes

    Total Files Cleaned = 2,718.00 mb


    OTLPE by OldTimer - Version 3.1.38.0 log created on 04262010_221404
     
  10. 2010/04/26
    broni

    broni Moderator Malware Analyst

    I'm glad to hear good news :), but we just made your computer bootable and more stable.
    We still need to run more checks.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right-click on HijackThis, and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/04/27
    Michael7

    Michael7 Inactive Thread Starter

    Thanks :) Here are the three logs. I'll put them in three different posts in case that makes it easier for you. Here's the MalwareBytes log:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4041

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/26/2010 11:43:29 PM
    mbam-log-2010-04-26 (23-43-29).txt

    Scan type: Quick scan
    Objects scanned: 135598
    Time elapsed: 5 minute(s), 28 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 116
    Registry Values Infected: 4
    Registry Data Items Infected: 3
    Folders Infected: 26
    Files Infected: 147

    Memory Processes Infected:
    C:\Documents and Settings\Kent.REVE-N-ESPOIR\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
  12. 2010/04/27
    Michael7

    GMER Part 1 (The "Show All" box was greyed out, so I could neither check nor uncheck it, so hopefully it didn't check somehow; if so, I deeply apologize):
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-27 01:52:43
    Windows 5.1.2600 Service Pack 3
    Running: 9dd6zjk6.exe; Driver: C:\DOCUME~1\REVENE~1\LOCALS~1\Temp\axlyrkod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? glpd.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\system32\svchost.exe[948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
    Last edited: 2010/04/27
  13. 2010/04/27
    broni Moderator Malware Analyst

    It looks like a part of GMER log is missing...
     
  14. 2010/04/27
    Michael7 Inactive Thread Starter

    Yes, I'm sorry about that, I tried posting the entire file but my computer and browser started locking up and I wasn't sure which posts went through and which didn't. The entire file will probably take 5 posts, if that's alright?
    Here's GMER Part 2:

    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1060] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  15. 2010/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem :)
     
  16. 2010/04/27
    Michael7

    Michael7 Inactive Thread Starter

    Joined:
    2010/04/22
    Messages:
    15
    Likes Received:
    0
    Thanks :) Got mixed up again and posted Part 2, twice!
    Here's Part 3:

    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1160] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
    Last edited: 2010/04/27
  17. 2010/04/27
    Michael7

    Michael7 Inactive Thread Starter

    GMER Part 4:

    IAT C:\WINDOWS\System32\svchost.exe[1364] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1364] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1364] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1364] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1364] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [1000FBD0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\WINDOWS\System32\svchost.exe[1980] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2012] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
     
  18. 2010/04/27
    Michael7

    GMER Part 5:

    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
    IAT C:\Program Files\Mozilla Firefox\firefox.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
  19. 2010/04/27
    Michael7

    Michael7 Inactive Thread Starter
    Make it 6 parts! Part 6:

    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1142462297\EE\aolsoftware.exe[3704] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)

    ---- EOF - GMER 1.0.15 ----
     
  20. 2010/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    GMER log looks fine :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. 2010/04/29
    Michael7

    Michael7 Inactive Thread Starter

    Joined:
    2010/04/22
    Messages:
    15
    Likes Received:
    0
    Hi Broni, once again sorry for taking so long to reply! I just tried to do the scan. However, the computer has AOL Safety and Security installed on it. I went through and turned the spyware protection on and everything, but when I went to virus scan it said there was none and asked to download it to set it up.

    However, ComboFix says that it detected AOL Antivirus real time scan on it, and that it was turned on. I can't figure this out to turn it off, since it says it's not there . . . Should I go forth and run ComboFix anyway? I appreciate all the continued patience and help with this issue!
     