   Mischel Internet Security Forum
   Help to remove Trojan please
   Author  Topic: Help to remove Trojan please  (Read 6058 times)
Mikey
Newbie
Help to remove Trojan please
« on: Jul 16th, 2009, 3:36am »

I have a trojan and have followed the forum advice to remove it. My ebay account was used to purchase 6 separate items and my facebook account was used for the 914 scam against my friends. I post the scan logs as follows:-
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:01, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
D:\MailWasher\MailWasher\MailWasher.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246378065468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246442247078
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
 
--
End of file - 8969 bytes
 
TrojanHunter Scan Report - Saved 2009-07-16 08:43
 
Suspicious registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\IndexCleaner
Suspicious registry entry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\IndexCleaner
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\IndexCleaner
Removed registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\IndexCleaner
 
This reappears on each reboot.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 07/15/2009 at 04:09 PM
 
Application Version : 4.26.1006
 
Core Rules Database Version : 3992
Trace Rules Database Version: 1932
 
Scan type  : Complete Scan
Total Scan Time : 07:17:56
 
Memory items scanned : 218
Memory threats detected   : 0
Registry items scanned    : 4855
Registry threats detected : 0
File items scanned   : 56536
File threats detected     : 2
 
Adware.Tracking Cookie
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@atdmt[2].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@atdmt[3].txt
 
 
I was unable to use BitDefender so scanned with MS One Live that showed no problems.
 
Please help me with this. I am a 'silver surfer' and very concerned. Thanks. Mikey
siliconman01
Global Moderator
Re: Help to remove Trojan please
« Reply #1 on: Jul 16th, 2009, 4:23am »

Welcome to the forum Mikey
 
-  Your Hijackthis log is not showing any infections.  However that does not necessarily mean that you are totally clean.
 
-  SuperAntiSpyware found only tracking cookies.  These aren't really that much to be concerned about and would not be the cause of any major infection.
 
-  TrojanHunter is not finding anything to be concerned about.  IndexCleaner is a valid program and is part of MRUBlaster.  TrojanHunter is complaining that IndexCleaner is being started from two different registry entries.  This is sometimes characteristic of an infection, but in your case it is not an infection.  
 
I recommend that:
 
-  You promptly change your passwords on your Ebay account, your Facebook account, and any other computer accounts that you have.  
 
-  Ensure that you have installed all the Microsoft updates through Windows Update.  
 
-  Your SuperAntispyware scan contains outdated core and trace definitions.  The latest core defs = 3998; the latest trace defs = 1938.  Download the latest core and trace definitions for SAS and perform another scan with SAS.  
 
You can obtain the latest core/trace definitions for SAS from the link below if your SAS LiveUpdate is not working.
 
http://www.superantispyware.com/definitions.html
 
-  Please post back here the new SAS scan log.
 
-  Run a Remote Online Scan with Kaspersky from the link below.
 
http://www.kaspersky.com/virusscanner
 
   1.  Use Internet Explorer to go to the above website.  Kaspersky will need to download/install an ActiveX component and then several other large files containing Kaspersky scan definitions.  Please let it install the ActiveX component and these files to prepare for the remote scan.  
 
   2.  Before starting the Kaspersky remote scan, temporarily disable your other security programs so that they do not interfere with Kaspersky.  DO NOT disable your firewall.
 
   3.  Be sure to run a FULL system scan with Kaspersky.  
 
-  Please post back here the results log of the Kaspersky scan.

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
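
Added example, not part of the original thread and not the moderator's own method: a small parser for the registry autostart (`O4`) lines of a HijackThis log like the one posted above. It groups value names that are started from more than one hive, the pattern discussed for IndexCleaner, and lists commands given without a full path; the function names and both heuristics are assumptions of this example and are triage hints for a reviewer, not verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (R = IE settings,
# O2 = browser helper objects, O4 = autostart entries, O23 = services).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

# "<code> - <body>", where code is a letter plus one or two digits (R0, O4, O23 ...)
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart: "<hive>\..\Run[Once...]: [value name] command line"
O4_REG_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# HKUS entries carry a trailing "(User '...')" annotation added by HijackThis
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# First token ending in an executable extension (handles unquoted paths with spaces)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
# Drive-letter or UNC path
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


def parse_log(text):
    """Return a (code, body) tuple for every HijackThis result line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def executable(cmd):
    """Best-effort extraction of the program part of an autostart command."""
    m = re.match(r'"([^"]+)"', cmd) or EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def autoruns(text):
    """Registry-based O4 entries as dicts; startup-folder shortcuts are skipped."""
    found = []
    for code, body in parse_log(text):
        m = O4_REG_RE.match(body) if code == "O4" else None
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        found.append({"hive": m["hive"], "key": m["key"],
                      "name": m["name"], "exe": executable(cmd)})
    return found


def bare_name_autoruns(entries):
    """Value names whose command has no full path, so the log line alone
    does not say which file on disk will run."""
    return [e["name"] for e in entries if not ABS_PATH_RE.match(e["exe"])]


def multi_hive_names(entries):
    """Value names registered under more than one hive (case-insensitive)."""
    hives = defaultdict(set)
    for e in entries:
        hives[e["name"].lower()].add(e["hive"])
    return {n: sorted(h) for n, h in hives.items() if len(h) > 1}


if __name__ == "__main__":
    items = autoruns(SAMPLE_LOG)
    print("No full path:", bare_name_autoruns(items))
    print("Multiple hives:", multi_hive_names(items))
```

In this excerpt the only name registered under several hives is CTFMON.EXE, a case where the duplication by itself is not a sign of infection; the path-less entries are the ones to confirm against the files actually present on disk.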
siliconman01
Global Moderator
Re: Help to remove Trojan please
« Reply #2 on: Jul 16th, 2009, 4:31am »

In addition to my post above.
 
If you cannot get Kaspersky to scan, it may be because you do not have Java installed on your computer for IE8.  You can install it from the link below.
 
http://www.java.com/en/
Mikey
Newbie
Re: Help to remove Trojan please
« Reply #3 on: Jul 16th, 2009, 4:34am »

Thanks. I have the latest updates now from SAS so will do a full scan with it and Kaspersky. It will take several hours but I will post the logs as soon as complete. Mikey
siliconman01
Global Moderator
Re: Help to remove Trojan please
« Reply #4 on: Jul 16th, 2009, 4:55am »

Okay, I'll examine the results when you post them.
 
I do have a question for you.  Have you recently received an email from ebay or anyone else asking you to update your account information or something like this?  If so, did you respond to the email request?  
 
The reason for my question is that you may be the victim of an email phish/pharm scam and the sender of the email got your account password from your email response.
Mikey
Newbie
Re: Help to remove Trojan please
« Reply #5 on: Jul 16th, 2009, 6:37am »

SAS log completed and attached. No I would never respond to that type of request.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 07/16/2009 at 12:11 PM
 
Application Version : 4.26.1006
 
Core Rules Database Version : 3998
Trace Rules Database Version: 1938
 
Scan type  : Complete Scan
Total Scan Time : 01:32:06
 
Memory items scanned : 631
Memory threats detected   : 0
Registry items scanned    : 5170
Registry threats detected : 0
File items scanned   : 57323
File threats detected     : 8
 
Adware.Tracking Cookie
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@atdmt[3].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@specificclick[1].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@ad.yieldmanager[1].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@atdmt[2].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@msnportal.112.2o7[1].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@msnservices.112.2o7[1].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@2o7[2].txt
C:\Documents and Settings\Michael Rice\Cookies\michael_rice@fastclick[2].txt
 
Just about to start Kaspersky Mikey
siliconman01
Global Moderator
Re: Help to remove Trojan please
« Reply #6 on: Jul 16th, 2009, 7:58am »

Again, the only thing SAS is detecting is tracking cookies.  I assume that you are letting SAS remove/quarantine these at the end of the scan.  
 
If you do not already have JavaCool's SpywareBlaster on your system, you should try it.  It will block a lot of cookies and other malicious items prior to them being installed on your disk.
 
http://www.javacoolsoftware.com/spywareblaster.html
 
SpywareBlaster user forum:
 
http://www.wilderssecurity.com/forumdisplay.php?s=49ad674c5e754e712e1815ae20073ff2&f=23
« Last Edit: Jul 16th, 2009, 9:39am by siliconman01 »
Mikey
Newbie
Re: Help to remove Trojan please
« Reply #7 on: Jul 16th, 2009, 3:21pm »

I eventually have the Kaspersky log:-
Thursday, July 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 13:38:57
Records in database: 2474116
 
 
Scan settings  
Scan using the following database extended  
Scan archives yes  
Scan mail databases yes  
 
Scan area File  
 
 
Scan statistics  
Files scanned 81389  
Threat name 0  
Infected objects 0  
Suspicious objects 0  
Duration of the scan 04:28:35  
 
No malware has been detected. The scan area is clean.  
The selected area was scanned.  
 
 
On reflection both ebay and facebook used different passwords. I am still concerned. Mikey
siliconman01
Global Moderator
Re: Help to remove Trojan please
« Reply #8 on: Jul 16th, 2009, 11:07pm »

Hmmm...thus far nothing malicious is showing up.  
 
I assume that:  
 
-  you are using complex passwords on your accounts with at least 8 characters, with upper and lower case letters, with numbers, and with some characters such as @ # % & *, etc., in them.  
 
-  you have contacted eBay Fraud concerning the unknown purchases per your eBay account.
 
-  you have checked your bank and credit card accounts to ensure that no suspicious activity is occurring.
 
 
Please try the following:
 
1.  Scan your system for hidden rootkits per the GMER rootkit scanner at the link below.  Post the scan log back here please.  Tell me if any of the items in the scan are in RED.
 
http://www.gmer.net/
 
2.  Scan your system with freebie Malwarebytes Anti-Spyware per the link below.
 
http://www.malwarebytes.org/
 
-  After you install MBAM, be sure to run its LiveUpdate prior to doing the full system scan.
 
-  Post its scan log back here.
« Last Edit: Jul 16th, 2009, 11:22pm by siliconman01 »
Mikey
Newbie
Re: Help to remove Trojan please
« Reply #9 on: Jul 17th, 2009, 8:04am »

1st part of GMER scan. Using several posts
 
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 13:43:42
Windows 5.1.2600 Service Pack 3
 
 
---- System - GMER 1.0.15 ----
 
SSDT  \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)   ZwTerminateProcess [0xB759CDF0]
 
Code  899B5EE8                   ZwCreateSection
Code  89CAEC68                   ZwDuplicateObject
Code  899FA738                   ZwSetInformationFile
Code  89A03520                   ZwSetSystemInformation
Code  89A19780                   ZwWriteFile
Code  899B5EE7                   NtCreateSection
Code  89CAEC67                   NtDuplicateObject
Code  899FA737                   NtSetInformationFile
Code  89A1977F                   NtWriteFile
 
---- Kernel code sections - GMER 1.0.15 ----
 
PAGE  ntkrnlpa.exe!IoGetBootDiskInformation + 66F              8056BB87 7 Bytes  JMP 89AC769C  
PAGE  ntkrnlpa.exe!NtSetInformationFile              80570304 5 Bytes  JMP 899FA73C  
PAGE  ntkrnlpa.exe!NtWriteFile                  805722C8 7 Bytes  JMP 89A19784  
PAGE  ntkrnlpa.exe!NtCreateSection                   805A076C 7 Bytes  JMP 899B5EEC  
PAGE  ntkrnlpa.exe!ObCloseHandle + 17                805B1CC1 7 Bytes  JMP 89A1C574  
PAGE  ntkrnlpa.exe!NtDuplicateObject                 805B38DA 7 Bytes  JMP 89CAEC6C  
PAGE  ntkrnlpa.exe!ZwSetSystemInformation                 80605F20 5 Bytes  JMP 89A03524  
PAGE  Fastfat.SYS                     B527E9C8 7 Bytes  JMP 899FE9DC  
 
---- User code sections - GMER 1.0.15 ----
 
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!DialogBoxParamW       7E4247AB 5 Bytes  JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!SetWindowsHookExW          7E42820F 5 Bytes  JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!CallNextHookEx        7E42B3C6 5 Bytes  JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!CreateWindowExW       7E42D0A3 5 Bytes  JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!UnhookWindowsHookEx        7E42D5F3 5 Bytes  JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!DialogBoxIndirectParamW         7E432072 5 Bytes  JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!MessageBoxIndirectA        7E43A082 5 Bytes  JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!DialogBoxParamA       7E43B144 5 Bytes  JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!MessageBoxExW         7E450838 5 Bytes  JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!MessageBoxExA         7E45085C 5 Bytes  JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!DialogBoxIndirectParamA         7E456D7D 5 Bytes  JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] USER32.dll!MessageBoxIndirectW        7E4664D5 5 Bytes  JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ole32.dll!CoCreateInstance       7750057E 5 Bytes  JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!getaddrinfo           71AB2A6F 5 Bytes  JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!closesocket           71AB3E2B 5 Bytes  JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!socket           71AB4211 5 Bytes  JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!connect          71AB4A07 5 Bytes  JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!send        71AB4C27 5 Bytes  JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[1960] ws2_32.dll!recv        71AB676F 5 Bytes  JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\WINDOWS\system32\SearchIndexer.exe[2284] kernel32.dll!WriteFile           7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!DialogBoxParamW       7E4247AB 5 Bytes  JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!SetWindowsHookExW          7E42820F 5 Bytes  JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!CallNextHookEx        7E42B3C6 5 Bytes  JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!CreateWindowExW       7E42D0A3 5 Bytes  JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!UnhookWindowsHookEx        7E42D5F3 5 Bytes  JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!DialogBoxIndirectParamW         7E432072 5 Bytes  JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!MessageBoxIndirectA        7E43A082 5 Bytes  JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!DialogBoxParamA       7E43B144 5 Bytes  JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!MessageBoxExW         7E450838 5 Bytes  JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!MessageBoxExA         7E45085C 5 Bytes  JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!DialogBoxIndirectParamA         7E456D7D 5 Bytes  JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] USER32.dll!MessageBoxIndirectW        7E4664D5 5 Bytes  JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ole32.dll!CoCreateInstance       7750057E 5 Bytes  JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
Mikey
Newbie
Re: Help to remove Trojan please
« Reply #10 on: Jul 17th, 2009, 8:05am »

2nd part of GMER scan
 
 71AB2A6F 5 Bytes  JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ws2_32.dll!closesocket           71AB3E2B 5 Bytes  JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ws2_32.dll!socket           71AB4211 5 Bytes  JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ws2_32.dll!connect          71AB4A07 5 Bytes  JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ws2_32.dll!send        71AB4C27 5 Bytes  JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2532] ws2_32.dll!recv        71AB676F 5 Bytes  JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!DialogBoxParamW       7E4247AB 5 Bytes  JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!CreateWindowExW       7E42D0A3 5 Bytes  JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!DialogBoxIndirectParamW         7E432072 5 Bytes  JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!MessageBoxIndirectA        7E43A082 5 Bytes  JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!DialogBoxParamA       7E43B144 5 Bytes  JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!MessageBoxExW         7E450838 5 Bytes  JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!MessageBoxExA         7E45085C 5 Bytes  JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!DialogBoxIndirectParamA         7E456D7D 5 Bytes  JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[2544] USER32.dll!MessageBoxIndirectW        7E4664D5 5 Bytes  JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!DialogBoxParamW       7E4247AB 5 Bytes  JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!SetWindowsHookExW          7E42820F 5 Bytes  JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!CallNextHookEx        7E42B3C6 5 Bytes  JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!CreateWindowExW       7E42D0A3 5 Bytes  JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!UnhookWindowsHookEx        7E42D5F3 5 Bytes  JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!DialogBoxIndirectParamW         7E432072 5 Bytes  JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!MessageBoxIndirectA        7E43A082 5 Bytes  JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!DialogBoxParamA       7E43B144 5 Bytes  JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!MessageBoxExW         7E450838 5 Bytes  JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!MessageBoxExA         7E45085C 5 Bytes  JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!DialogBoxIndirectParamA         7E456D7D 5 Bytes  JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] USER32.dll!MessageBoxIndirectW        7E4664D5 5 Bytes  JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ole32.dll!CoCreateInstance       7750057E 5 Bytes  JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!getaddrinfo           71AB2A6F 5 Bytes  JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!closesocket           71AB3E2B 5 Bytes  JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!socket           71AB4211 5 Bytes  JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!connect          71AB4A07 5 Bytes  JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!send        71AB4C27 5 Bytes  JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\Program Files\Internet Explorer\IEXPLORE.EXE[3784] ws2_32.dll!recv        71AB676F 5 Bytes  JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text      C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE[4088] kernel32.dll!SetUnhandledExceptionFilter         7C84495D 5 Bytes  JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
Mikey
Re: Help to remove Trojan please
« Reply #11 on: Jul 17th, 2009, 8:07am »

3rd part GMER scan
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]      [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]   [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]   [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]      [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]     [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]   [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]     [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]    [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]      [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]      [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]    [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]    [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]    [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]   [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]   [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW]      [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]       [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW]      [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA]      [1000FBD0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[360] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]      [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]   [1000FA50] C:\Program Fi
Mikey
Re: Help to remove Trojan please
« Reply #12 on: Jul 17th, 2009, 8:10am »

IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]   [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]      [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]     [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]   [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]     [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]    [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]      [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]      [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]    [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]    [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]    [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]   [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]     [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]   [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]   [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW]      [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]       [1000FF90] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW]      [1000FDB0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW]    [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW]       [10010160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]   [1000FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]   [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]      [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]       [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]    [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]       [1000F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ Next part of GMER scan
 
C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]       [1000F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]      [1000F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\System32\svchost.exe[444] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]    [1000F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT
Mikey
Re: Help to remove Trojan please
« Reply #13 on: Jul 17th, 2009, 8:12am »

Next part GMER scan
 
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA]        [0280F4B0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW]        [0280F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA]          [0280F8D0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW]        [02810160] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW]          [0280FA50] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress]        [0280F330] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT   C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]    [0280F6C0] C:\Program Files\CA\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
Mikey
Re: Help to remove Trojan please
« Reply #14 on: Jul 17th, 2009, 8:14am »

Next GMER scan
 