SCore/2.0GHz/3.0Gb/RAM/WinVista 32bit

Posted 1/29/2010 2:14 PM
#82481
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
This computer is running SLUGGISH, I know its Specs are pretty low for today's standards, but this Computer (My GF's) used to Run A LOT Faster & Smoother. She bought this Computer (Refurbished HP Pavilion G60-121WM) roughly 10 Months ago. When She first got it, it ran very well, but since then it has gotten progressively slower & slower. These Days it's pretty much Crawling on the Net. As I am writing this, I am Scanning the CPU with Malwarebytes' and will post the logs as I get them. Thanks for your help!
Posted 1/29/2010 2:47 PM
#82482
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
ok here is the mbam-log file




Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

1/29/2010 8:45:41 AM
mbam-log-2010-01-29 (08-45-41).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 291329
Time elapsed: 1 hour(s), 25 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Posted 1/29/2010 2:50 PM
#82483
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
Here is the DDS-Log





DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 8:47:59.98 on Fri 01/29/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1468 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svcprs32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = about:blank
mStart Page = hxxp://everythingy.com/ie/home
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://eport1.aurora.org/dwa7W.cab
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

============= SERVICES / DRIVERS ===============

R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-25 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-6-25 73720]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-6-25 55288]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2009-6-25 58360]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-7-30 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-7-30 21104]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-7-30 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-7-30 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-7-30 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-25 150520]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-9-1 361808]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-6-25 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-6-25 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-6-25 207352]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-7-30 292080]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-13 24652]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-7-30 1400832]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-9-1 193840]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-6-25 205304]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-7-30 133520]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-7-30 222448]
S4 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2009-5-4 69120]

=============== Created Last 30 ================

2010-01-29 13:18:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 13:17:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-29 13:17:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:45:36 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-29 11:44:59 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-29 11:44:25 0 d-----w- c:\users\admini~1\appdata\roaming\DAEMON Tools Lite
2010-01-29 11:44:09 0 d-----w- c:\programdata\DAEMON Tools Lite

==================== Find3M ====================

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 04:07:41 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-12-28 06:11:10 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-28 06:11:09 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-28 06:11:09 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-09 13:30:01 42935 ----a-w- c:\programdata\nvModes.dat
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 19:05:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-21 13:24:59 204800 --sha-w- c:\windows\rnapxs\Rnapxs.dat
2009-07-30 06:34:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-30 06:34:30 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-30 06:34:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-30 06:34:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 13:07:48 245760 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2009-07-07 01:02:01 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-09-01 12:55:42 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:48:54.08 ===============
Posted 1/29/2010 2:51 PM
#82484
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
Here is the hijackthis-Log








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:28 AM, on 1/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\mdmcls32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://everythingy.com/ie/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [dvHighMem] C:\Windows\cfgmng32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - https://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - https://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://eport1.aurora.org/dwa7W.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\System32\svcprs32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8470 bytes
Posted 1/29/2010 2:57 PM
#82485
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
And here is the Zipped, Attach file (RAR format)
Post attachments:
Posted 1/30/2010 2:27 AM
#82503
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello keng53140,

The logs were indicating some type of backdoor service loading there. Not real sure the attachment functions work well for us here, but I will need to have all logs posted here to work from. Let's run two other scans then start repairs from there.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
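
A triage sketch for the HijackThis `O23` service entries posted in this thread, added here as an illustration; it is not part of any poster's message and not code from HijackThis. It rejoins entries that forum software has hard-wrapped, then lists services that need a manual look; the sample log, all names in it, and the three review rules are assumptions made for the example, and a flagged entry is a candidate for review, not a verdict.

```python
import ntpath
import re

# Constructed sample in HijackThis v2 log format; every name is hypothetical.
# Three entries are hard-wrapped the way forum software wraps pasted logs.
SAMPLE = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleVendor\updater.exe
O23 - Service: Example Display Service (exdisp) - Example Corp - C:\Windows\system32

\exdisp.exe
O23 - Service: Example Helper - Unknown owner - C:\Program Files\Example\helper.exe

(file missing)
O23 - Service: Example Net Manager (ExNetMgr) - Unknown owner - C:\Windows\System32

\exnetmgr.exe

--
End of file - 512 bytes
"""

# A log entry starts with a section code such as "R0 - ", "O4 - " or "O23 - ".
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Review reasons (assumed triage rules for this example).
NO_VENDOR = "HijackThis could not read a vendor name for the binary"
MISSING = "service is registered but its binary is missing"
SYSTEM_DIR = "unattributed binary sits directly in a Windows system directory"


def rejoin_wrapped(text):
    """Return one string per log entry, undoing hard line wraps."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--") or line.startswith("End of file"):
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Heuristic: a wrap before a backslash or after a word-internal
            # hyphen consumed no space; any other wrap replaced a space.
            tight = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -")
            )
            entries[-1] = prev + ("" if tight else " ") + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def triage_services(text):
    """Return O23 services that deserve a manual look, with the reasons."""
    flagged = []
    for entry in rejoin_wrapped(text):
        m = O23.match(entry)
        if not m:
            continue
        reasons = []
        unknown = m["owner"].strip().lower() == "unknown owner"
        if unknown:
            reasons.append(NO_VENDOR)
        if m["missing"]:
            reasons.append(MISSING)
        # ntpath parses Windows paths correctly on any host OS.
        if unknown and ntpath.dirname(m["path"]).lower() in SYSTEM_DIRS:
            reasons.append(SYSTEM_DIR)
        if reasons:
            flagged.append(
                {"name": m["name"], "path": m["path"], "reasons": reasons}
            )
    return flagged


if __name__ == "__main__":
    for item in triage_services(SAMPLE):
        print(item["name"], "->", item["path"])
        for reason in item["reasons"]:
            print("   -", reason)
```
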
Posted 2/2/2010 9:27 PM
#82580
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-02 15:20:40
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 91 GB (64%) free of 143 GB
Total RAM: 2814 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:28 PM, on 2/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://everythingy.com/ie/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [dvHighMem] C:\Windows\cfgmng32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - https://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - https://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://eport1.aurora.org/dwa7W.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\System32\svcprs32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8459 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{8EDD6FF8-1728-459E-A992-6D9441DFB9AD}.job
C:\Windows\tasks\User_Feed_Synchronization-{F56C0862-A4CB-4870-9493-5C316CEF99A0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-08-20 1180400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-08-20 157936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-08-20 1180400]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"dvHighMem"=C:\Windows\cfgmng32.exe [2009-06-01 10940416]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-11 13543968]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAPPActiveProtection]
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe [2009-12-29 333040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-12-29 271600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
C:\Program Files\CA\CA Internet Security Suite\casc.exe [2009-12-29 374000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-11 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="UmxSbxExw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2007-06-06 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-02 15:20:40 ----D---- C:\rsit
2010-01-29 09:28:48 ----A---- C:\Windows\IsUninst.exe
2010-01-29 07:17:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 05:44:25 ----D---- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-01-29 05:44:09 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 11:21:14 ----A---- C:\Windows\system32\t2embed.dll
2010-01-24 11:21:13 ----A---- C:\Windows\system32\fontsub.dll
2010-01-24 11:21:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-24 11:21:09 ----A---- C:\Windows\system32\ieframe.dll
2010-01-24 11:21:08 ----A---- C:\Windows\system32\iertutil.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\wininet.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\urlmon.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\occache.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\ieui.dll
2010-01-24 11:21:07 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-24 11:21:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-24 11:21:06 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\iesetup.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\iernonce.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\iepeers.dll
2010-01-24 11:21:06 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 months======

2010-02-02 15:21:27 ----D---- C:\Program Files\Trend Micro
2010-02-02 15:20:56 ----D---- C:\Windows\Prefetch
2010-02-02 15:11:39 ----D---- C:\Windows\System32
2010-02-02 15:11:38 ----D---- C:\Windows\inf
2010-02-02 15:11:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-02 15:04:30 ----D---- C:\Windows\Temp
2010-02-01 13:47:53 ----D---- C:\Windows\system32\catroot2
2010-02-01 13:47:52 ----SHD---- C:\System Volume Information
2010-01-30 02:34:11 ----D---- C:\Windows\system32\WDI
2010-01-29 15:51:14 ----D---- C:\WINDOWS
2010-01-29 10:03:31 ----RD---- C:\Program Files
2010-01-29 10:02:19 ----RD---- C:\Users
2010-01-29 10:00:48 ----D---- C:\Windows\system32\drivers
2010-01-29 09:02:44 ----D---- C:\Temp
2010-01-29 05:44:09 ----HD---- C:\ProgramData
2010-01-28 20:57:26 ----D---- C:\Windows\winsxs
2010-01-28 20:57:26 ----D---- C:\Program Files\Internet Explorer
2010-01-28 20:54:35 ----D---- C:\Windows\system32\catroot
2010-01-28 20:45:29 ----D---- C:\Windows\pss
2010-01-28 20:35:00 ----SHD---- C:\Windows\Installer
2010-01-28 20:31:48 ----D---- C:\Windows\system32\Tasks
2010-01-28 20:31:45 ----D---- C:\Program Files\Common Files
2010-01-28 20:31:42 ----D---- C:\ProgramData\Skype
2010-01-24 15:36:12 ----D---- C:\Windows\Debug
2010-01-24 11:29:05 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-24 11:27:46 ----D---- C:\Windows\system32\migration
2010-01-24 11:24:41 ----D---- C:\Program Files\Windows Mail
2010-01-09 16:16:55 ----D---- C:\Users\Administrator\AppData\Roaming\skypePM
2010-01-04 18:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2009-06-25 73720]
R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2009-06-25 55288]
R1 KmxFilter;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2009-06-25 58360]
R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2009-10-31 739696]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2009-10-31 21488]
R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2009-10-31 26352]
R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2009-10-31 161008]
R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2009-10-31 21104]
R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2009-06-25 150520]
R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2009-06-25 205304]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2009-10-31 133520]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-09-01 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-09-01 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-09-01 30208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 dump_wmimmc;dump_wmimmc; \??\C:\AeriaGames(2)\Shaiya\GameGuard\dump_wmimmc.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-09-01 149504]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-11 196608]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinSvchostManager;WinSock Svchost Manager; C:\WINDOWS\System32\svcprs32.exe [2009-06-01 1400832]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-09 148832]
S2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-08-20 144696]
S2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-12-29 128240]
S2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2008-09-29 283888]
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service []
S2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-06-25 875000]
S2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-06-25 760664]
S2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2009-01-09 154104]
S2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-06-25 207352]
S2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-12-29 292080]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-12-29 259312]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-06-05 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-12-29 222448]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-05-04 69120]

-----------------EOF-----------------
Posted 2/2/2010 9:28 PM
#82581

keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
info.txt logfile of random's system information tool 1.06 2010-02-02 15:21:32
======Uninstall list======

-->"C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\setup\ccinstaller.exe" /u /silent /module="fw"
-->"C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Ancient Secrets\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\County Fair\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fishing Craze\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Personal Firewall-->MsiExec.exe /X{2681A52E-FCFA-4982-A030-7B652BDD346C}
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CA Website Inspector-->C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\CAWebsiteInspector.exe /uninstall
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNAMigrator-->"C:\Program Files\CA\CA Internet Security Suite\CA Backup and Migration\setup\ccinstaller.exe" /u /silent /module="bm" /s /f1""
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP Help and Support-->MsiExec.exe /X{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Smart Web Printing-->msiexec /i{380357CA-29F4-4B3C-B401-32C057E6B59B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0118-->MsiExec.exe /I{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LEGO Digital Designer-->C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{60fa7bf1-3044-4718-9857-21eb48df6789}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Move Networks Media Player for Internet Explorer-->C:\Users\Administrator\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
ScanSoft PaperPort 11-->MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: CA Anti-Virus
AS: Windows Defender
AS: CA Anti-Spyware

======System event log======

Computer Name: Kristan-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB936330(Service Pack) into Installed(Installed) state
Record Number: 108426
Source Name: Microsoft-Windows-Servicing
Time Written: 20091228060658.000000-000
Event Type: Warning
User: Kristan-PC\Administrator

Computer Name: Kristan-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance_en-US(Language Pack) into Installed(Installed) state
Record Number: 108425
Source Name: Microsoft-Windows-Servicing
Time Written: 20091228060658.000000-000
Event Type: Warning
User: Kristan-PC\Administrator

Computer Name: Kristan-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance(Feature Pack) into Installed(Installed) state
Record Number: 108424
Source Name: Microsoft-Windows-Servicing
Time Written: 20091228060658.000000-000
Event Type: Warning
User: Kristan-PC\Administrator

Computer Name: Kristan-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Client-Features(Feature Pack) into Installed(Installed) state
Record Number: 108423
Source Name: Microsoft-Windows-Servicing
Time Written: 20091228060658.000000-000
Event Type: Warning
User: Kristan-PC\Administrator

Computer Name: Kristan-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Windows Foundation(Foundation) into Installed(Installed) state
Record Number: 108422
Source Name: Microsoft-Windows-Servicing
Time Written: 20091228060658.000000-000
Event Type: Warning
User: Kristan-PC\Administrator

=====Application event log=====

Computer Name: Kristan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 280
Source Name: Microsoft-Windows-WMI
Time Written: 20090318022140.000000-000
Event Type: Error
User:

Computer Name: Kristan-PC
Event Code: 508
Message: wuaueng.dll (1068) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" at offset 75776 (0x0000000000012800) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (6394 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 233
Source Name: ESENT
Time Written: 20090318021724.000000-000
Event Type: Warning
User:

Computer Name: Kristan-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ef4 Start Time: 01c9a728d80c02b0 Termination Time: 0
Record Number: 225
Source Name: Application Hang
Time Written: 20090317175616.000000-000
Event Type: Error
User:

Computer Name: Kristan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 175
Source Name: Microsoft-Windows-WMI
Time Written: 20090317181556.000000-000
Event Type: Error
User:

Computer Name: Kristan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 112
Source Name: Microsoft-Windows-WMI
Time Written: 20090313223140.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Kristan-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x530
Name: C:\WINDOWS\System32\svchost.exe

Previous Time: 9:36:06 AM 3/13/2009
New Time: 9:36:06 AM 3/13/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 123
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313163606.500600-000
Event Type: Audit Success
User:

Computer Name: Kristan-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1614122809-1479091763-1979555073-1000
Account Name: Kristan
Account Domain: Kristan-PC
Logon ID: 0xd9e99

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313163604.676138-000
Event Type: Audit Success
User:

Computer Name: Kristan-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: WIN-R2SAB405K2H$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x114
Process Name: C:\WINDOWS\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x139cee
Record Number: 121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313162258.308138-000
Event Type: Audit Success
User:

Computer Name: Kristan-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: WIN-R2SAB405K2H$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x114
Process Name: C:\WINDOWS\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x139cee
Record Number: 120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090313162258.308138-000
Event Type: Audit Success
User:

Computer Name: Kristan-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1614122809-1479091763-1979555073-1000
Account Name: Kristan
Domain Name: Kristan-PC
Logon ID: 0xd9e66
Record Number: 119
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090313162251.912138-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------
Posted 2/3/2010 12:37 AM
#82588
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
In checking these new logs I see now that what I read as malware earlier is actually part of the CS software installed there. How long had CA been installed before slowness started occurring? There is an adware service remnant that needs removing. Let's do that, then I would still like to see the Gmer scan results before suggesting other steps here please.

Go to Start Search, type cmd.exe and OK. Then right click cmd.exe and run that as an Administrator. At the prompt copy/paste the following, pressing Enter after:

sc config RelevantKnowledge start= disabled
sc delete RelevantKnowledge


Type Exit and press Enter to close the command window.

-----------------
Posted 2/3/2010 1:28 AM
#82591
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-02-02 19:26:01
Windows 6.0.6002 Service Pack 2
Running: j9kxm904.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwddafoc.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 86874F00
INT 0x72 ? 86874F00
INT 0x92 ? 85922BF8
INT 0xA2 ? 85922BF8
INT 0xB2 ? 85922BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spfs.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E23541B 5 Bytes JMP 868744E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!TerminateProcess + 2 768A18F1 7 Bytes JMP 5FF38D5C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!CreateProcessW + 2 768A1BF5 5 Bytes JMP 5FF386B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!CreateProcessA + 2 768A1C2A 5 Bytes JMP 5FF38594 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!WriteProcessMemory + 2 768A1CBA 5 Bytes JMP 5FF3CED8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!VirtualProtect + 2 768A1DC5 6 Bytes JMP 5FF3D348 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!LoadLibraryExW 768C9109 7 Bytes JMP 5FF38006 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!OpenThread + 2 768CC876 6 Bytes JMP 5FF3D8D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!VirtualProtectEx + 2 768CDBDC 10 Bytes JMP 5FF3D22C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!FreeLibrary + 2 768E3DB6 7 Bytes JMP 5FF3835C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!ExitProcess + 1 768E41D9 6 Bytes JMP 5FF3823F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!TerminateThread + 2 768E41F9 6 Bytes JMP 5FF38E78 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!GetProcAddress + 2 768E903D 5 Bytes JMP 5FF38124 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!VirtualAllocEx + 2 768EACFE 7 Bytes JMP 5FF3D110 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!CreateRemoteThread 768EC935 10 Bytes JMP 5FF3CFF2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] kernel32.dll!DebugActiveProcess + 2 76929A63 8 Bytes JMP 5FF3D9F0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!StartServiceA 7704A24D 7 Bytes JMP 5FF3AEA6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!CreateProcessAsUserA + 2 7704CEBB 7 Bytes JMP 5FF38A04 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!SetFileSecurityW + 2 7704EC00 6 Bytes JMP 5FF3C714 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!SetSecurityInfo + 2 77055896 6 Bytes JMP 5FF3CA68 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77055958 6 Bytes JMP 5FF3CCA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!CreateProcessAsUserW + 2 77061EEB 6 Bytes JMP 5FF388E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!OpenSCManagerA 77062D93 7 Bytes JMP 5FF3A6E2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!OpenServiceA 77062EBD 7 Bytes JMP 5FF3AB52 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!StartServiceW 77063E0B 7 Bytes JMP 5FF3AFC2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!SetKernelObjectSecurity + 2 77063ED0 6 Bytes JMP 5FF3C830 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceStatusEx 77064FFE 7 Bytes JMP 5FF3B1FA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceConfigW 770650A4 7 Bytes JMP 5FF3B54E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceConfigA 770651AD 7 Bytes JMP 5FF3B432 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!OpenSCManagerW 77067137 7 Bytes JMP 5FF3A7FE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!OpenServiceW 77068354 7 Bytes JMP 5FF3AC6E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceStatus 7706842C 7 Bytes JMP 5FF3B0DE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!AdjustTokenPrivileges + 2 770699CF 7 Bytes JMP 5FF3C4DC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!CreateServiceW 77089EB4 7 Bytes JMP 5FF3AA36 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!ControlService 77089FB8 7 Bytes JMP 5FF3B316 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!DeleteService 7708A07E 7 Bytes JMP 5FF3AD8A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumServicesStatusExA 7708B31B 7 Bytes JMP 5FF3C182 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!CreateProcessWithLogonW + 2 770A80C3 6 Bytes JMP 5FF387CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!InitiateSystemShutdownW + 2 770C182B 6 Bytes JMP 5FF3DD48 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!InitiateSystemShutdownExW + 2 770C18F3 6 Bytes JMP 5FF3DF80 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!AbortSystemShutdownW + 2 770C1B14 7 Bytes JMP 5FF3E1B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumServicesStatusExW 770C6909 7 Bytes JMP 5FF3C29E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumServicesStatusA 770C6B47 7 Bytes JMP 5FF3BF4A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 770C6CD9 7 Bytes JMP 5FF3C94A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 770C6DD9 7 Bytes JMP 5FF3BADA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 770C6F81 7 Bytes JMP 5FF3BBF6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 770C7099 7 Bytes JMP 5FF3BD12 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 770C71E1 7 Bytes JMP 5FF3BE2E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!CreateServiceA 770C72A1 7 Bytes JMP 5FF3A91A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumDependentServicesA 770C7505 7 Bytes JMP 5FF3B8A2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumDependentServicesW 770C75D9 7 Bytes JMP 5FF3B9BE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceConfig2A 770C7891 7 Bytes JMP 5FF3B66A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!QueryServiceConfig2W 770C7A19 7 Bytes JMP 5FF3B786 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] ADVAPI32.dll!EnumServicesStatusW + 2 770C7F63 5 Bytes JMP 5FF3C068 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SetUserObjectSecurity + 2 77282811 6 Bytes JMP 5FF3CDBC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SetWindowsHookExA + 2 77286324 5 Bytes JMP 5FF3D464 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!BroadcastSystemMessageW + 2 77288141 5 Bytes JMP 5FF3A154 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SetWindowsHookExW + 2 772887AF 5 Bytes JMP 5FF3D580 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendNotifyMessageW + 2 772893D8 6 Bytes JMP 5FF39CE4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!BroadcastSystemMessageExW + 2 7728941B 5 Bytes JMP 5FF3A38C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!PostThreadMessageA + 2 7728BD36 5 Bytes JMP 5FF39520 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!PostThreadMessageA + 8 7728BD3C 2 Bytes CALL 6DB94DD1
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!PostMessageA + 2 7728F8FA 5 Bytes JMP 5FF392E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageA + 2 7728F958 7 Bytes JMP 5FF390B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageTimeoutW + 2 7729352F 5 Bytes JMP 5FF39AAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageCallbackW + 2 77294572 5 Bytes JMP 5FF39874 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!PostThreadMessageW 77297C8E 5 Bytes JMP 5FF3963C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!PostMessageW + 2 7729A177 6 Bytes JMP 5FF39404 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageW + 2 772A0AEF 7 Bytes JMP 5FF391CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendDlgItemMessageA + 2 772A275D 7 Bytes JMP 5FF39E00 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!OpenClipboard + 2 772AC31F 7 Bytes JMP 5FF368BC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendNotifyMessageA + 2 772ADFD1 6 Bytes JMP 5FF39BC8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageTimeoutA + 2 772B0008 5 Bytes JMP 5FF39990 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendDlgItemMessageW + 2 772B0E3A 7 Bytes JMP 5FF39F1C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SetWindowsHookA + 2 772C624B 5 Bytes JMP 5FF3D69C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SetWindowsHookW + 2 772C6266 5 Bytes JMP 5FF3D7B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!EndTask + 2 772CAD34 6 Bytes JMP 5FF38F94 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!ExitWindowsEx + 2 772CB7C5 6 Bytes JMP 5FF3E2D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!BroadcastSystemMessageExA + 2 772E28E5 5 Bytes JMP 5FF3A270 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!BroadcastSystemMessage + 2 772E290C 5 Bytes JMP 5FF3A038 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] USER32.dll!SendMessageCallbackA + 2 772E2CA9 5 Bytes JMP 5FF39758 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\cfgmng32.exe[2232] SHELL32.dll!SHCreateProcessAsUserW 75F29713 8 Bytes JMP 5FF38B1E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!TerminateProcess 768A18EF 5 Bytes JMP 5FF38D5C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!CreateProcessW 768A1BF3 5 Bytes JMP 5FF386B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!CreateProcessA 768A1C28 5 Bytes JMP 5FF38594 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!WriteProcessMemory 768A1CB8 5 Bytes JMP 5FF3CED8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!VirtualProtect 768A1DC3 5 Bytes JMP 5FF3D348 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!LoadLibraryExW 768C9109 7 Bytes JMP 5FF38008 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!OpenThread 768CC874 5 Bytes JMP 5FF3D8D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!VirtualProtectEx 768CDBDA 5 Bytes JMP 5FF3D22C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!FreeLibrary 768E3DB4 5 Bytes JMP 5FF3835C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!ExitProcess 768E41D8 5 Bytes JMP 5FF38240 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!TerminateThread 768E41F7 5 Bytes JMP 5FF38E78 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!GetProcAddress 768E903B 5 Bytes JMP 5FF38124 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!VirtualAllocEx 768EACFC 5 Bytes JMP 5FF3D110 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!CreateRemoteThread 768EC935 5 Bytes JMP 5FF3CFF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] kernel32.dll!DebugActiveProcess 76929A61 5 Bytes JMP 5FF3D9F0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!StartServiceA 7704A24D 7 Bytes JMP 5FF3AEA8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!CreateProcessAsUserA 7704CEB9 5 Bytes JMP 5FF38A04 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!SetFileSecurityW 7704EBFE 5 Bytes JMP 5FF3C714 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!SetSecurityInfo 77055894 5 Bytes JMP 5FF3CA68 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!SetNamedSecurityInfoW 77055956 5 Bytes JMP 5FF3CCA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!CreateProcessAsUserW 77061EE9 5 Bytes JMP 5FF388E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!OpenSCManagerA 77062D93 7 Bytes JMP 5FF3A6E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!OpenServiceA 77062EBD 7 Bytes JMP 5FF3AB54 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!StartServiceW 77063E0B 7 Bytes JMP 5FF3AFC4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!SetKernelObjectSecurity 77063ECE 5 Bytes JMP 5FF3C830 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceStatusEx 77064FFE 7 Bytes JMP 5FF3B1FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceConfigW 770650A4 7 Bytes JMP 5FF3B550 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceConfigA 770651AD 7 Bytes JMP 5FF3B434 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!OpenSCManagerW 77067137 7 Bytes JMP 5FF3A800 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!OpenServiceW 77068354 7 Bytes JMP 5FF3AC70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceStatus 7706842C 7 Bytes JMP 5FF3B0E0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!AdjustTokenPrivileges 770699CD 5 Bytes JMP 5FF3C4DC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!CreateServiceW 77089EB4 7 Bytes JMP 5FF3AA38 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!ControlService 77089FB8 7 Bytes JMP 5FF3B318 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!DeleteService 7708A07E 7 Bytes JMP 5FF3AD8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumServicesStatusExA 7708B31B 7 Bytes JMP 5FF3C184 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!CreateProcessWithLogonW 770A80C1 5 Bytes JMP 5FF387CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!InitiateSystemShutdownW 770C1829 5 Bytes JMP 5FF3DD48 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!InitiateSystemShutdownExW 770C18F1 5 Bytes JMP 5FF3DF80 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!AbortSystemShutdownW 770C1B12 5 Bytes JMP 5FF3E1B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumServicesStatusExW 770C6909 7 Bytes JMP 5FF3C2A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumServicesStatusA 770C6B47 7 Bytes JMP 5FF3BF4C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 770C6CD9 7 Bytes JMP 5FF3C94C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 770C6DD9 7 Bytes JMP 5FF3BADC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 770C6F81 7 Bytes JMP 5FF3BBF8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 770C7099 7 Bytes JMP 5FF3BD14 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 770C71E1 7 Bytes JMP 5FF3BE30 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!CreateServiceA 770C72A1 7 Bytes JMP 5FF3A91C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumDependentServicesA 770C7505 7 Bytes JMP 5FF3B8A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumDependentServicesW 770C75D9 7 Bytes JMP 5FF3B9C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceConfig2A 770C7891 7 Bytes JMP 5FF3B66C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!QueryServiceConfig2W 770C7A19 7 Bytes JMP 5FF3B788 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ADVAPI32.dll!EnumServicesStatusW 770C7F61 5 Bytes JMP 5FF3C068 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SetUserObjectSecurity 7728280F 5 Bytes JMP 5FF3CDBC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 5FF3D464 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!BroadcastSystemMessageW 7728813F 5 Bytes JMP 5FF3A154 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 5FF3D580 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendNotifyMessageW 772893D6 5 Bytes JMP 5FF39CE4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!BroadcastSystemMessageExW 77289419 5 Bytes JMP 5FF3A38C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!PostThreadMessageA 7728BD34 5 Bytes JMP 5FF39520 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!PostMessageA 7728F8F8 5 Bytes JMP 5FF392E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageA 7728F956 5 Bytes JMP 5FF390B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageTimeoutW 7729352D 5 Bytes JMP 5FF39AAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageCallbackW 77294570 1 Byte [E9]
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageCallbackW 77294570 5 Bytes JMP 5FF39874 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!PostThreadMessageW 77297C8E 5 Bytes JMP 5FF3963C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!PostMessageW 7729A175 5 Bytes JMP 5FF39404 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageW 772A0AED 5 Bytes JMP 5FF391CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendDlgItemMessageA 772A275B 5 Bytes JMP 5FF39E00 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!OpenClipboard 772AC31D 5 Bytes JMP 5FF368BC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendNotifyMessageA 772ADFCF 5 Bytes JMP 5FF39BC8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageTimeoutA 772B0006 5 Bytes JMP 5FF39990 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendDlgItemMessageW 772B0E38 5 Bytes JMP 5FF39F1C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SetWindowsHookA 772C6249 5 Bytes JMP 5FF3D69C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SetWindowsHookW 772C6264 5 Bytes JMP 5FF3D7B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!EndTask 772CAD32 5 Bytes JMP 5FF38F94 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!ExitWindowsEx 772CB7C3 5 Bytes JMP 5FF3E2D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!BroadcastSystemMessageExA 772E28E3 5 Bytes JMP 5FF3A270 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!BroadcastSystemMessage 772E290A 5 Bytes JMP 5FF3A038 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] USER32.dll!SendMessageCallbackA 772E2CA7 5 Bytes JMP 5FF39758 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] SHELL32.dll!SHCreateProcessAsUserW 75F29713 8 Bytes JMP 5FF38B20 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoGetClassObject 76D5FABC 5 Bytes JMP 5FF36448 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoCreateInstance 76D79EA6 5 Bytes JMP 5FF36210 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoCreateInstanceEx 76D79EE9 5 Bytes JMP 5FF3632C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoInitializeEx 76D7AD63 5 Bytes JMP 5FF360F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoGetInstanceFromFile 76DCC3FC 5 Bytes JMP 5FF36564 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] ole32.dll!CoGetInstanceFromIStorage 76DE8605 5 Bytes JMP 5FF36680 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!TerminateProcess 768A18EF 5 Bytes JMP 5FF38D5C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!CreateProcessW 768A1BF3 5 Bytes JMP 5FF386B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!CreateProcessA 768A1C28 5 Bytes JMP 5FF38594 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!WriteProcessMemory 768A1CB8 5 Bytes JMP 5FF3CED8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!VirtualProtect 768A1DC3 5 Bytes JMP 5FF3D348 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!LoadLibraryExW 768C9109 7 Bytes JMP 5FF38008 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!OpenThread 768CC874 5 Bytes JMP 5FF3D8D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!VirtualProtectEx 768CDBDA 5 Bytes JMP 5FF3D22C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!FreeLibrary 768E3DB4 5 Bytes JMP 5FF3835C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!ExitProcess 768E41D8 5 Bytes JMP 5FF38240 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!TerminateThread 768E41F7 5 Bytes JMP 5FF38E78 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!GetProcAddress 768E903B 5 Bytes JMP 5FF38124 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!VirtualAllocEx 768EACFC 5 Bytes JMP 5FF3D110 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!CreateRemoteThread 768EC935 5 Bytes JMP 5FF3CFF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] kernel32.dll!DebugActiveProcess 76929A61 5 Bytes JMP 5FF3D9F0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!StartServiceA 7704A24D 7 Bytes JMP 5FF3AEA8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 7704CEB9 5 Bytes JMP 5FF38A04 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!SetFileSecurityW 7704EBFE 5 Bytes JMP 5FF3C714 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!SetSecurityInfo 77055894 5 Bytes JMP 5FF3CA68 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!SetNamedSecurityInfoW 77055956 5 Bytes JMP 5FF3CCA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!CreateProcessAsUserW 77061EE9 5 Bytes JMP 5FF388E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!OpenSCManagerA 77062D93 7 Bytes JMP 5FF3A6E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!OpenServiceA 77062EBD 7 Bytes JMP 5FF3AB54 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!StartServiceW 77063E0B 7 Bytes JMP 5FF3AFC4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!SetKernelObjectSecurity 77063ECE 5 Bytes JMP 5FF3C830 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceStatusEx 77064FFE 7 Bytes JMP 5FF3B1FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceConfigW 770650A4 7 Bytes JMP 5FF3B550 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceConfigA 770651AD 7 Bytes JMP 5FF3B434 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!OpenSCManagerW 77067137 7 Bytes JMP 5FF3A800 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!OpenServiceW 77068354 7 Bytes JMP 5FF3AC70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceStatus 7706842C 7 Bytes JMP 5FF3B0E0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!AdjustTokenPrivileges 770699CD 5 Bytes JMP 5FF3C4DC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!CreateServiceW 77089EB4 7 Bytes JMP 5FF3AA38 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!ControlService 77089FB8 7 Bytes JMP 5FF3B318 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!DeleteService 7708A07E 7 Bytes JMP 5FF3AD8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumServicesStatusExA 7708B31B 7 Bytes JMP 5FF3C184 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!CreateProcessWithLogonW 770A80C1 5 Bytes JMP 5FF387CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!InitiateSystemShutdownW 770C1829 5 Bytes JMP 5FF3DD48 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!InitiateSystemShutdownExW 770C18F1 5 Bytes JMP 5FF3DF80 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!AbortSystemShutdownW 770C1B12 5 Bytes JMP 5FF3E1B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumServicesStatusExW 770C6909 7 Bytes JMP 5FF3C2A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumServicesStatusA 770C6B47 7 Bytes JMP 5FF3BF4C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 770C6CD9 7 Bytes JMP 5FF3C94C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 770C6DD9 7 Bytes JMP 5FF3BADC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 770C6F81 7 Bytes JMP 5FF3BBF8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 770C7099 7 Bytes JMP 5FF3BD14 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 770C71E1 7 Bytes JMP 5FF3BE30 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!CreateServiceA 770C72A1 7 Bytes JMP 5FF3A91C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumDependentServicesA 770C7505 7 Bytes JMP 5FF3B8A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumDependentServicesW 770C75D9 7 Bytes JMP 5FF3B9C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceConfig2A 770C7891 7 Bytes JMP 5FF3B66C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!QueryServiceConfig2W 770C7A19 7 Bytes JMP 5FF3B788 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ADVAPI32.dll!EnumServicesStatusW 770C7F61 5 Bytes JMP 5FF3C068 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SetUserObjectSecurity 7728280F 5 Bytes JMP 5FF3CDBC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SetWindowsHookExA 77286322 5 Bytes JMP 5FF3D464 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!BroadcastSystemMessageW 7728813F 5 Bytes JMP 5FF3A154 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SetWindowsHookExW 772887AD 5 Bytes JMP 5FF3D580 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendNotifyMessageW 772893D6 5 Bytes JMP 5FF39CE4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!BroadcastSystemMessageExW 77289419 5 Bytes JMP 5FF3A38C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!PostThreadMessageA 7728BD34 5 Bytes JMP 5FF39520 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!PostMessageA 7728F8F8 5 Bytes JMP 5FF392E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageA 7728F956 5 Bytes JMP 5FF390B0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageTimeoutW 7729352D 5 Bytes JMP 5FF39AAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageCallbackW 77294570 1 Byte [E9]
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageCallbackW 77294570 5 Bytes JMP 5FF39874 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!PostThreadMessageW 77297C8E 5 Bytes JMP 5FF3963C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!PostMessageW 7729A175 5 Bytes JMP 5FF39404 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageW 772A0AED 5 Bytes JMP 5FF391CC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendDlgItemMessageA 772A275B 5 Bytes JMP 5FF39E00 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!OpenClipboard 772AC31D 5 Bytes JMP 5FF368BC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendNotifyMessageA 772ADFCF 5 Bytes JMP 5FF39BC8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageTimeoutA 772B0006 5 Bytes JMP 5FF39990 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendDlgItemMessageW 772B0E38 5 Bytes JMP 5FF39F1C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SetWindowsHookA 772C6249 5 Bytes JMP 5FF3D69C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SetWindowsHookW 772C6264 5 Bytes JMP 5FF3D7B8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!EndTask 772CAD32 5 Bytes JMP 5FF38F94 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!ExitWindowsEx 772CB7C3 5 Bytes JMP 5FF3E2D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!BroadcastSystemMessageExA 772E28E3 5 Bytes JMP 5FF3A270 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!BroadcastSystemMessage 772E290A 5 Bytes JMP 5FF3A038 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] USER32.dll!SendMessageCallbackA 772E2CA7 5 Bytes JMP 5FF39758 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoGetClassObject 76D5FABC 5 Bytes JMP 5FF36448 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoCreateInstance 76D79EA6 5 Bytes JMP 5FF36210 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoCreateInstanceEx 76D79EE9 5 Bytes JMP 5FF3632C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoInitializeEx 76D7AD63 5 Bytes JMP 5FF360F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoGetInstanceFromFile 76DCC3FC 5 Bytes JMP 5FF36564 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] ole32.dll!CoGetInstanceFromIStorage 76DE8605 5 Bytes JMP 5FF36680 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\mdmcls32.exe[2680] SHELL32.dll!SHCreateProcessAsUserW 75F29713 8 Bytes JMP 5FF38B20 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!TerminateProcess 768A18EF 9 Bytes JMP 5FF38D5B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!CreateProcessW 768A1BF3 7 Bytes JMP 5FF386AF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!CreateProcessA 768A1C28 7 Bytes JMP 5FF38593 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!WriteProcessMemory 768A1CB8 6 Bytes JMP 5FF3CED7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!VirtualProtect 768A1DC3 8 Bytes JMP 5FF3D347 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!LoadLibraryExW 768C9109 7 Bytes JMP 5FF38007 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!OpenThread 768CC874 8 Bytes JMP 5FF3D8D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!VirtualProtectEx 768CDBDA 6 Bytes JMP 5FF3D22B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!FreeLibrary 768E3DB4 6 Bytes JMP 5FF3835B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!ExitProcess 768E41D8 7 Bytes JMP 5FF3823F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!TerminateThread 768E41F7 8 Bytes JMP 5FF38E77 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!GetProcAddress 768E903B 6 Bytes JMP 5FF38123 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!VirtualAllocEx 768EACFC 6 Bytes JMP 5FF3D10F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!CreateRemoteThread 768EC935 10 Bytes JMP 5FF3CFF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] kernel32.dll!DebugActiveProcess 76929A61 10 Bytes JMP 5FF3D9EF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!StartServiceA 7704A24D 7 Bytes JMP 5FF3AEA7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!CreateProcessAsUserA 7704CEB9 6 Bytes JMP 5FF38A03 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!SetFileSecurityW 7704EBFE 8 Bytes JMP 5FF3C713 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!SetSecurityInfo 77055894 8 Bytes JMP 5FF3CA67 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!SetNamedSecurityInfoW 77055956 8 Bytes JMP 5FF3CC9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!CreateProcessAsUserW 77061EE9 8 Bytes JMP 5FF388E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!OpenSCManagerA 77062D93 7 Bytes JMP 5FF3A6E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!OpenServiceA 77062EBD 7 Bytes JMP 5FF3AB53 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!StartServiceW 77063E0B 7 Bytes JMP 5FF3AFC3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!SetKernelObjectSecurity 77063ECE 8 Bytes JMP 5FF3C82F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceStatusEx 77064FFE 7 Bytes JMP 5FF3B1FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceConfigW 770650A4 7 Bytes JMP 5FF3B54F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceConfigA 770651AD 7 Bytes JMP 5FF3B433 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!OpenSCManagerW 77067137 7 Bytes JMP 5FF3A7FF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!OpenServiceW 77068354 7 Bytes JMP 5FF3AC6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceStatus 7706842C 7 Bytes JMP 5FF3B0DF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!AdjustTokenPrivileges 770699CD 6 Bytes JMP 5FF3C4DB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!CreateServiceW 77089EB4 7 Bytes JMP 5FF3AA37 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!ControlService 77089FB8 7 Bytes JMP 5FF3B317 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!DeleteService 7708A07E 7 Bytes JMP 5FF3AD8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumServicesStatusExA 7708B31B 7 Bytes JMP 5FF3C183 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!CreateProcessWithLogonW 770A80C1 8 Bytes JMP 5FF387CB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!InitiateSystemShutdownW 770C1829 8 Bytes JMP 5FF3DD47 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!InitiateSystemShutdownExW 770C18F1 8 Bytes JMP 5FF3DF7F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!AbortSystemShutdownW 770C1B12 6 Bytes JMP 5FF3E1B7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumServicesStatusExW 770C6909 7 Bytes JMP 5FF3C29F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumServicesStatusA 770C6B47 7 Bytes JMP 5FF3BF4B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!SetServiceObjectSecurity 770C6CD9 7 Bytes JMP 5FF3C94B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!ChangeServiceConfigA 770C6DD9 7 Bytes JMP 5FF3BADB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!ChangeServiceConfigW 770C6F81 7 Bytes JMP 5FF3BBF7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!ChangeServiceConfig2A 770C7099 7 Bytes JMP 5FF3BD13 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!ChangeServiceConfig2W 770C71E1 7 Bytes JMP 5FF3BE2F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!CreateServiceA 770C72A1 7 Bytes JMP 5FF3A91B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumDependentServicesA 770C7505 7 Bytes JMP 5FF3B8A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumDependentServicesW 770C75D9 7 Bytes JMP 5FF3B9BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceConfig2A 770C7891 7 Bytes JMP 5FF3B66B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!QueryServiceConfig2W 770C7A19 7 Bytes JMP 5FF3B787 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ADVAPI32.dll!EnumServicesStatusW 770C7F61 7 Bytes JMP 5FF3C067 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SetUserObjectSecurity 7728280F 8 Bytes JMP 5FF3CDBB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SetWindowsHookExA 77286322 7 Bytes JMP 5FF3D463 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!BroadcastSystemMessageW 7728813F 7 Bytes JMP 5FF3A153 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SetWindowsHookExW 772887AD 7 Bytes JMP 5FF3D57F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendNotifyMessageW 772893D6 8 Bytes JMP 5FF39CE3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!BroadcastSystemMessageExW 77289419 7 Bytes JMP 5FF3A38B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!PostThreadMessageA 7728BD34 7 Bytes JMP 5FF3951F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!PostThreadMessageA + 8 7728BD3C 2 Bytes [90, 90] {NOP ; NOP }
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!PostMessageA 7728F8F8 6 Bytes JMP 5FF392E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageA 7728F956 6 Bytes JMP 5FF390AF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageTimeoutW 7729352D 7 Bytes JMP 5FF39AAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageCallbackW 77294570 6 Bytes JMP 5FF39873 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!PostThreadMessageW 77297C8E 6 Bytes JMP 5FF3963B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!PostMessageW 7729A175 8 Bytes JMP 5FF39403 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageW 772A0AED 6 Bytes JMP 5FF391CB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendDlgItemMessageA 772A275B 9 Bytes JMP 5FF39DFF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!OpenClipboard 772AC31D 6 Bytes JMP 5FF368BB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendNotifyMessageA 772ADFCF 8 Bytes JMP 5FF39BC7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageTimeoutA 772B0006 7 Bytes JMP 5FF3998F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendDlgItemMessageW 772B0E38 9 Bytes JMP 5FF39F1B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SetWindowsHookA 772C6249 7 Bytes JMP 5FF3D69B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SetWindowsHookW 772C6264 7 Bytes JMP 5FF3D7B7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!EndTask 772CAD32 8 Bytes JMP 5FF38F93 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!ExitWindowsEx 772CB7C3 8 Bytes JMP 5FF3E2D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!BroadcastSystemMessageExA 772E28E3 7 Bytes JMP 5FF3A26F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!BroadcastSystemMessage 772E290A 7 Bytes JMP 5FF3A037 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] USER32.dll!SendMessageCallbackA 772E2CA7 6 Bytes JMP 5FF39757 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoGetClassObject + 2 76D5FABE 8 Bytes JMP 5FF36447 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoCreateInstance + 2 76D79EA8 6 Bytes JMP 5FF3620F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoCreateInstanceEx + 2 76D79EEB 7 Bytes JMP 5FF3632B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoInitializeEx + 2 76D7AD65 6 Bytes JMP 5FF360F3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoGetInstanceFromFile + 2 76DCC3FE 8 Bytes JMP 5FF36563 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Administrator\Desktop\j9kxm904.exe[2836] ole32.dll!CoGetInstanceFromIStorage + 2 76DE8607 8 Bytes JMP 5FF3667F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806106D6] \SystemRoot\System32\Drivers\spfs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80610042] \SystemRoot\System32\Drivers\spfs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80610800] \SystemRoot\System32\Drivers\spfs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806100C0] \SystemRoot\System32\Drivers\spfs.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8061013E] \SystemRoot\System32\Drivers\spfs.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061FB90] \SystemRoot\System32\Drivers\spfs.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[428] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[788] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[828] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\rundll32.exe[1816] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [007DF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1860] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\Explorer.EXE [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010120] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[1964] @ C:\Windows\System32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1976] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [011504E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [011506B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [011506B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [011506B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0114FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [011506B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0114F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0114FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0114FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [01150300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3CA68] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\cfgmng32.exe[2232] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3D110] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3CA68] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2420] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00DCFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00DD04E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00DD06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00DCFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00DCFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00DD06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00DCFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00DCFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00DD06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00DCFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00DCF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2544] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00DCFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859481F8

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\netbt \Device\NetBT_Tcpip_{A7D025E5-324A-4670-AAFC-860727EA4213} 87D88500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 859241F8
Device \Driver\usbohci \Device\USBPDO-0 8683E1F8
Device \Driver\usbehci \Device\USBPDO-1 8682A1F8
Device \Driver\usbohci \Device\USBPDO-2 8683E1F8
Device \Driver\usbehci \Device\USBPDO-3 8682A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 859241F8
Device \Driver\volmgr \Device\HarddiskVolume2 859241F8
Device \Driver\cdrom \Device\CdRom0 868531F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 859271F8
Device \Driver\atapi \Device\Ide\IdePort0 859271F8
Device \Driver\atapi \Device\Ide\IdePort1 859271F8
Device \Driver\atapi \Device\Ide\IdePort2 859271F8
Device \Driver\atapi \Device\Ide\IdePort3 859271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 859271F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87D88500
Device \Driver\netbt \Device\NetBT_Tcpip_{9FA64C62-1D2D-46D3-934B-AFFEA536495C} 87D88500
Device \Driver\Smb \Device\NetbiosSmb 87B4D500
Device \Driver\iScsiPrt \Device\RaidPort0 868F01F8
Device \Driver\usbohci \Device\USBFDO-0 8683E1F8
Device \Driver\usbehci \Device\USBFDO-1 8682A1F8
Device \Driver\usbohci \Device\USBFDO-2 8683E1F8
Device \Driver\usbehci \Device\USBFDO-3 8682A1F8
Device \FileSystem\cdfs \Cdfs 88E8E500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186306213
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x1E 0x2E 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186306213 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x1E 0x2E 0x51 ...

---- EOF - GMER 1.0.15 ----
Posted 2/3/2010 1:31 AM
#82592
keng53140 Advanced member

Date Joined Nov 2016
Total Posts: 77
I also did what you told me with cmd.exe.

It was successful for both.
Posted 2/4/2010 12:18 AM
#82602
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
The Gmer log shows mostly CA functions, and then some of Daemon Tools hidden functions, but nothing of malware showing. May be that CA is what is causing the issues. If these scans lead to nothing as a possible source of the slowness you really should then uninstall CA, and check for improvement after. But one other scan now, just to be sure.




Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 2/24/2010 5:01 AM
#83226
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Due to lack of feedback, this topic has been closed.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

