Scan saved at 8:21:47 PM, on 12/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\DDI\AOLICON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\scott\Desktop\SIC 5.0 Build 1004\SICWin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: AOLDDI.LNK = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-------------------------------------------------------------------
SIC Log Reader (SLR) Ver 5.0.0.0000
-------------------------------------------------------------------
Greetings!
Thank you for consulting TrendLabs HQ.
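Below are the analyses for the submitted log file(s). Each file listed under "Suspicious files" was matched by the rule named on its "Caught by rule" line; a match marks the file for further checking and is not by itself a confirmed detection.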
[--SIC log analysis--]
Computer Name: scott-pc
User Name: scott
Date/Time: 12-26-2008 18:44:01
Suspicious files:
c:\ddi\aolicon.exe
c:\program files\common files\sony shared\avlib\mscsptisrv.exe
c:\program files\common files\sony shared\avlib\pacsptisvr.exe
c:\program files\installshield installation information\{01fdc9fc-4d4f-4db0-acd1-d3e8e1d52902}\setup.exe
c:\program files\installshield installation information\{36c41d70-56f5-4e2b-81da-6beb7502d7a1}\setup.exe
c:\program files\installshield installation information\{3d173dc5-4ae5-4b3f-9819-3977dd11b1d0}\setup.exe
c:\program files\installshield installation information\{5c5ee8f2-0b38-4c13-ae4e-a87a237fe718}\setup.exe
c:\program files\installshield installation information\{68a69cff-130d-4cde-ab0e-7374ecb144c8}\setup.exe
c:\program files\installshield installation information\{6b1f20f2-6321-4669-a58c-33df8e7517ff}\setup.exe
c:\program files\installshield installation information\{6fa8ba2c-052b-4072-b8e2-2302c268be9e}\setup.exe
c:\program files\installshield installation information\{b25563a0-41f4-4a81-a6c1-6dbc0911b1f3}\setup.exe
c:\program files\installshield installation information\{b2c4a8c4-aa20-425d-9fee-c78039238c81}\setup.exe
c:\program files\installshield installation information\{b34b6e67-fcdd-4e03-8742-b5701427fafb}\setup.exe
c:\program files\installshield installation information\{bbbcae4b-b416-4182-a6f2-438180894a81}\setup.exe
c:\program files\installshield installation information\{cb8a8696-93ec-414e-a752-850ab133f68a}\setup.exe
c:\program files\installshield installation information\{ce2121c6-c94d-4a73-8ea4-6943f33ee335}\setup.exe
c:\program files\installshield installation information\{d5068583-d569-468b-9755-5fbf5848f46f}\setup.exe
c:\program files\installshield installation information\{fd72e69e-cf34-4071-bfd6-fd081a365e2c}\setup.exe
c:\program files\installshield installation information\{fe697886-f392-4e0d-a0c0-47587bf60992}\setup.exe
c:\program files\real\realplayer\rpbrowserrecordplugin.dll
c:\program files\sony\isb utility\isbmgr.exe
c:\program files\sony\vaio my memory center\vaio mymemcenter.exe
c:\program files\sony\vaio survey\vaio sat survey.exe
c:\users\scott\appdata\local\microsoft\windows\temporary internet files\content.ie5\p92isqjw\firefox%20setup%203.0.5[1].exe
c:\users\scott\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\aleuspuk\firefox%20setup%203.0.5[1].exe
c:\windows\system32\drivers\arcsoftksufilter.sys
c:\windows\system32\drivers\djsvs.sys
c:\windows\system32\drivers\netw5v32.sys
c:\windows\system32\drivers\pxhelp20.sys
c:\windows\system32\drivers\ql2300.sys
c:\windows\system32\drivers\swmsflt.sys
c:\windows\system32\drivers\swnc8u80.sys
c:\windows\system32\drivers\uliahci.sys
c:\windows\system32\oobefldr.dll
c:\windows\system32\pcasvc.dll
c:\windows\system32\pctindis5.sys
Suspicious file(s) details:
+-------------------------------------------------------------------
|c:\ddi\aolicon.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
Windows Services:
Command Line = c:\windows\system32\msiexec /v
Display Name = windows installer
Service Name = msiserver
Startup Type = demand_start
State = stopped
Windows Services:
Command Line =
Display Name = stopped
Service Name = vaio entertainment tv device arbitration servicevaio entertainment tv device arbitration service
Startup Type = [cache]"c:\program files\common files\sony shared\vaio entertainment platform\vzhardwareresourcemanager\vzhardwareresourcemanager\vzhardwareresourcemanager.exe"
State = demand_start
Score:
Autostart Count = 2
Process Count = 1
File Version Count = 1 of 7
File Versions:
Product = no_data
Product Version = no_data
Company = no_data
Description = no_data
Original Filename = no_data
File Version Label = no_data
File Version Number = 0.0.0.0
MD5 Digest = 0x133e5f492fe58f893993e0f34fc7b904
SHA-1 Digest = 0xc6bfcb85d64997f2cb9d4dbd255f53e67247eba8
CRC32 Digest = 0x78ebfb06
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\common files\sony shared\avlib\mscsptisrv.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\mscsptisrv
imagepath = "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
Windows Services:
Command Line = "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
Display Name = mscsptisrv
Service Name = mscsptisrv
Startup Type = demand_start
State = stopped
Score:
Autostart Count = 2
File Version Count = 6 of 7
File Versions:
Product = mscsptisrv module
Product Version = 5.1.00.05200
Company = sony corporation
Description = mscsptisrv module
Original Filename = no_data
File Version Label = 5.1.00.05200
File Version Number = 5.1.0.5200
MD5 Digest = 0xa99d2c7e30ad63ef920a894131caf5f7
SHA-1 Digest = 0x902c9bed3626cabaca1abd0f9ef5503cdfee87eb
CRC32 Digest = 0x78cc9cd9
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\common files\sony shared\avlib\pacsptisvr.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pacsptisvr
imagepath = "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
Windows Services:
Command Line = "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
Display Name = pacsptisvr
Service Name = pacsptisvr
Startup Type = demand_start
State = stopped
Score:
Autostart Count = 2
File Version Count = 6 of 7
File Versions:
Product = pacsptisvr module
Product Version = 5.1.00.05200
Company = sony corporation
Description = pacsptisvr module
Original Filename = no_data
File Version Label = 5.1.00.05200
File Version Number = 5.1.0.5200
MD5 Digest = 0x41c33fb4fd929fed732a00d2daef5be0
SHA-1 Digest = 0xbc61260a405ff12e86a409608bdc29c5055e34a3
CRC32 Digest = 0xe189d9b4
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{01fdc9fc-4d4f-4db0-acd1-d3e8e1d52902}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{36c41d70-56f5-4e2b-81da-6beb7502d7a1}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{3d173dc5-4ae5-4b3f-9819-3977dd11b1d0}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{5c5ee8f2-0b38-4c13-ae4e-a87a237fe718}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{68a69cff-130d-4cde-ab0e-7374ecb144c8}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{6b1f20f2-6321-4669-a58c-33df8e7517ff}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{6fa8ba2c-052b-4072-b8e2-2302c268be9e}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b25563a0-41f4-4a81-a6c1-6dbc0911b1f3}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b2c4a8c4-aa20-425d-9fee-c78039238c81}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b34b6e67-fcdd-4e03-8742-b5701427fafb}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{bbbcae4b-b416-4182-a6f2-438180894a81}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{cb8a8696-93ec-414e-a752-850ab133f68a}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{ce2121c6-c94d-4a73-8ea4-6943f33ee335}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{d5068583-d569-468b-9755-5fbf5848f46f}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{fd72e69e-cf34-4071-bfd6-fd081a365e2c}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\installshield installation information\{fe697886-f392-4e0d-a0c0-47587bf60992}\setup.exe
+-------------------------------------------------------------------
Caught by rule: @Zdupcrc
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\real\realplayer\rpbrowserrecordplugin.dll
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
browser helper objects
hkey_classes_root\clsid\{3049c3e9-b461-4bc5-8870-4c09146192ca}\inprocserver32
(default) = c:\program files\real\realplayer\rpbrowserrecordplugin.dll
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = no_data
Product Version = 1.0.1.85
Company = realplayer
Description = realplayer download and record plugin for internet explorer
Original Filename = rpbrowserrecordplugin.dll
File Version Label = 1.0.1.85
File Version Number = 1.0.1.85
MD5 Digest = 0xba0b225d8fda9b22f22f5816873eb9fe
SHA-1 Digest = 0xe7a2f8995169a47e376978c3e3568e3df2e62493
CRC32 Digest = 0x777276e9
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\sony\isb utility\isbmgr.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
isbmgr.exe = "c:\program files\sony\isb utility\isbmgr.exe"
Score:
Autostart Count = 1
Process Count = 1
File Version Count = 5 of 7
File Versions:
Product = isb utility
Product Version = 3.0.00
Company = sony corporation
Description = no_data
Original Filename = no_data
File Version Label = 3.0.00.04030
File Version Number = 3.0.0.4030
MD5 Digest = 0xc61dfed19704fa252702727efcff97c3
SHA-1 Digest = 0x4c7c4787b7bc7ef2cde379068ccfc90fca58e5c9
CRC32 Digest = 0x34e7d909
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\sony\vaio my memory center\vaio mymemcenter.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
vaiomymemcenter = "c:\program files\sony\vaio my memory center\vaio mymemcenter.exe" 1
Score:
Autostart Count = 1
File Version Count = 5 of 7
File Versions:
Product = no_data
Product Version = 0.0.0.0
Company = no_data
Description =
Original Filename = vaio mymemcenter.exe
File Version Label = 0.0.0.0
File Version Number = 0.0.0.0
MD5 Digest = 0x07b5ab2f18902ce328e38a8101cbd3f7
SHA-1 Digest = 0xfa16a7ac0ac470e3d716bcbd20f5c9500df9ff3c
CRC32 Digest = 0xa3e93b3c
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\program files\sony\vaio survey\vaio sat survey.exe
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
vaiosurvey = "c:\program files\sony\vaio survey\vaio sat survey.exe"
Score:
Autostart Count = 1
File Version Count = 5 of 7
File Versions:
Product = no_data
Product Version = 0.0.0.0
Company = no_data
Description =
Original Filename = vaio sat survey.exe
File Version Label = 0.0.0.0
File Version Number = 0.0.0.0
MD5 Digest = 0xe51449759ec41555a38689bd4f62ad76
SHA-1 Digest = 0x0c8509406cba9986aea77908fe4723b1323902a9
CRC32 Digest = 0x24886889
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\users\scott\appdata\local\microsoft\windows\temporary internet files\content.ie5\p92isqjw\firefox%20setup%203.0.5[1].exe
+-------------------------------------------------------------------
Caught by rule: @ZTemp_IE_File
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = firefox
Product Version = 4.42
Company = mozilla
Description = firefox
Original Filename = 7zs.sfx.exe
File Version Label = 4.42
File Version Number = 4.42.0.0
MD5 Digest = 0x0a5be69f96a0b8bcb5cc624489564717
SHA-1 Digest = 0xa3bc99e32fa07fc5db3d2dfcddbfdc05400ec3a0
CRC32 Digest = 0x7f44bd3d
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\users\scott\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\aleuspuk\firefox%20setup%203.0.5[1].exe
+-------------------------------------------------------------------
Caught by rule: @ZTemp_IE_File
Autostart:
Score:
This has file duplicate CRC
File Version Count = 7 of 7
File Versions:
Product = firefox
Product Version = 4.42
Company = mozilla
Description = firefox
Original Filename = 7zs.sfx.exe
File Version Label = 4.42
File Version Number = 4.42.0.0
MD5 Digest = 0x0a5be69f96a0b8bcb5cc624489564717
SHA-1 Digest = 0xa3bc99e32fa07fc5db3d2dfcddbfdc05400ec3a0
CRC32 Digest = 0x7f44bd3d
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\arcsoftksufilter.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\arcsoftksufilter
imagepath = system32\drivers\arcsoftksufilter.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = arcsoft magic-i visual effect
Product Version = 3.5.0.19
Company = arcsoft, inc.
Description = no_data
Original Filename = arcsoftksufilter.sys
File Version Label = 3.5.0.19
File Version Number = 3.5.0.19
MD5 Digest = 0x6b3ab8f67b37402a4174caa45002903e
SHA-1 Digest = 0x3ddec645dcb58f9fe2fa5cc6e630fb8654d2348f
CRC32 Digest = 0x5fcc0242
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\djsvs.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\aic78xx
imagepath = \systemroot\system32\drivers\djsvs.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = no_data
Product Version = 6.0.0.0
Company = adaptec, inc.
Description = adaptec ultra scsi miniport
Original Filename = djsvs.sys
File Version Label = 6.0.0.0
File Version Number = 6.0.0.0
MD5 Digest = 0xae1fdf7bf7bb6c6a70f67699d880592a
SHA-1 Digest = 0x22563f865bcce9c9b4fc8178fca77257ae3de898
CRC32 Digest = 0xa4969a65
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\netw5v32.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\netw5v32
imagepath = system32\drivers\netw5v32.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = intel® wireless wifi link adapter
Product Version = no_data
Company = intel corporation
Description = intel® wireless wifi link driver
Original Filename = netw5v32.sys
File Version Label = 12.0.0.73
File Version Number = 12.0.0.73
MD5 Digest = 0xe559ea9138c77b5d1fda8c558764a25f
SHA-1 Digest = 0x36398f4849500ba238aa828177ffc8c8033b1401
CRC32 Digest = 0xe54e86f7
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\pxhelp20.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pxhelp20
imagepath = system32\drivers\pxhelp20.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = pxhelp20
Product Version = no_data
Company = sonic solutions
Description = px engine device driver for windows 2000/xp
Original Filename = pxhelp20.sys
File Version Label = 3.00.83a
File Version Number = 3.0.83.0
MD5 Digest = 0x153d02480a0a2f45785522e814c634b6
SHA-1 Digest = 0x7e7c1acfb251e124bb77cf851465d9abc4e922fb
CRC32 Digest = 0x3819e7f1
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\ql2300.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\ql2300
imagepath = \systemroot\system32\drivers\ql2300.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = qlogic fibre channel stor miniport driver
Product Version = 9.1.4.5
Company = qlogic corporation
Description = qlogic fibre channel stor miniport driver
Original Filename = no_data
File Version Label = 9.1.4.5
File Version Number = 9.1.4.5
MD5 Digest = 0x0a6db55afb7820c99aa1f3a1d270f4f6
SHA-1 Digest = 0xb1655a5eca84fc27ef93e4b6db1b22e9f97f3c85
CRC32 Digest = 0xa7df889d
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\swmsflt.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\swmsflt
imagepath = \systemroot\system32\drivers\swmsflt.sys
Score:
Autostart Count = 1
File Version Count = 3 of 7
File Versions:
Product = no_data
Product Version = no_data
Company = no_data
Description = sierra wireless usb mass storage filter driver
Original Filename = no_data
File Version Label = v1.1.2.0
File Version Number = 1.1.2.0
MD5 Digest = 0x851681f7d3200e2a646c5ee4d4e9883d
SHA-1 Digest = 0xdccd72472d5b8b024fb20cf7c87776ce22ea2347
CRC32 Digest = 0x289a5c94
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\swnc8u80.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\swnc8u80
imagepath = system32\drivers\swnc8u80.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = no_data
Product Version = 1.0
Company = sierra wireless inc.
Description = sierra wireless ndis driver
Original Filename = swndsmux.sys
File Version Label = 2.2.0.0 built by: winddk
File Version Number = 2.2.0.0
MD5 Digest = 0xca27e8ce559a9c0acc4f9ea468acf414
SHA-1 Digest = 0xab700f014cdafd1102a753aa5b8a2e0e2f6f8b9e
CRC32 Digest = 0x37f56e66
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\drivers\uliahci.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\uliahci
imagepath = \systemroot\system32\drivers\uliahci.sys
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = uli sata controller driver
Product Version = 6.302
Company = uli electronics inc.
Description = uli sata controller driver
Original Filename = no_data
File Version Label = 6.302
File Version Number = 6.3.0.2
MD5 Digest = 0x9224bb254f591de4ca8d572a5f0d635c
SHA-1 Digest = 0x8d9657c259ab09d092e4b0b3ecb7b3f00a198d33
CRC32 Digest = 0xbdc8b2f6
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\oobefldr.dll
+-------------------------------------------------------------------
Caught by rule: @TROJ_VUNDO1
Autostart:
registry vectors
hkey_current_user\software\microsoft\windows\currentversion\run
windowswelcomecenter = rundll32.exe oobefldr.dll,showwelcomecenter
Score:
Autostart Count = 1
File Version Count = 7 of 7
File Versions:
Product = microsoft® windows® operating system
Product Version = 6.0.6001.18000
Company = microsoft corporation
Description = welcome center
Original Filename = oobefldr.dll.mui
File Version Label = 6.0.6001.18000 (longhorn_rtm.080118-1840)
File Version Number = 6.0.6001.18000
MD5 Digest = 0x83e4a5435b0fa6ad0166722621a04725
SHA-1 Digest = 0xa41934d97b53a8e71e25c9abe2aa619ccdabcdd7
CRC32 Digest = 0x48b1d434
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\pcasvc.dll
+-------------------------------------------------------------------
Caught by rule: @ZPossilbe_MAL
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pcasvc\parameters
servicedll = %systemroot%\system32\pcasvc.dll
Score:
Autostart Count = 1
File Version Count = 6 of 7
File Versions:
Product = microsoft® windows® operating system
Product Version = 6.0.6000.16386
Company = microsoft corporation
Description = program compatibility assistant service
Original Filename = no_data
File Version Label = 6.0.6000.16386 (vista_rtm.061101-2205)
File Version Number = 6.0.6001.18000
MD5 Digest = 0xc6276ad11f4bb49b58aa1ed88537f14a
SHA-1 Digest = 0x1b5e05d45bbceba49d46245926c1093b8c5f7486
CRC32 Digest = 0x083be4e3
Rootkit Property = normal
+-------------------------------------------------------------------
|c:\windows\system32\pctindis5.sys
+-------------------------------------------------------------------
Caught by rule: @ZPossible_RTKT
Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pctindis5
imagepath = \??\c:\windows\system32\pctindis5.sys
Score:
Autostart Count = 1
File Version Count = 7 of 7
File Versions:
Product