Duplicate files in windows system32 shutting down Microtrend security


#1 kingslippers (New Member, 1 posts)

Windows box comes on saying Windows has stopped working, which is responsible for operating all Trend Micro security components. When I scan with Trend, it shows all the files being scanned as they are being scanned. As it is scanning I see C:\windows\system32 etc. Well, as it is going through the files, the files go from big C:\ to little c:\system32 files. I know that all the little c: files are probably all virus files that are causing my security software to shut down. I go into the system32 files but have no idea which ones are the little c and the big C. I did see one file that was highlighted in blue. I went and deleted it, but something weird happened, like the virus did something to it. It isn't there anymore, but I know it did something with system32 etc.

Here is my log. I also will include one other log from Trend Micro security so that, with all the info, I hope it will make it a lot easier for someone to help me and less hassle for the person willing to help me.

One more thing: I went to a website I have been going to and all of a sudden Trend tells me it's a dangerous website. You know, it could have been that someone phished that website, which caused Trend to say that. Is that possible? Now of course I did go to it anyway, which I shouldn't have. Here is the thing: when I did go to it, a Java icon would pop up at the bottom of my taskbar, which it never did before. I don't know if that is related also. Thanks for any help you can give.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:47 PM, on 12/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\DDI\AOLICON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\scott\Desktop\SIC 5.0 Build 1004\SICWin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: AOLDDI.LNK = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-------------------------------------------------------------------
SIC Log Reader (SLR) Ver 5.0.0.0000
-------------------------------------------------------------------

Greetings!

Thank you for consulting TrendLabs HQ.

Below are the analyses for the submitted log file(s):

[--SIC log analysis--]
Computer Name: scott-pc
User Name: scott
Date/Time: 12-26-2008 18:44:01
Suspicious files:

c:\ddi\aolicon.exe
c:\program files\common files\sony shared\avlib\mscsptisrv.exe
c:\program files\common files\sony shared\avlib\pacsptisvr.exe
c:\program files\installshield installation information\{01fdc9fc-4d4f-4db0-acd1-d3e8e1d52902}\setup.exe
c:\program files\installshield installation information\{36c41d70-56f5-4e2b-81da-6beb7502d7a1}\setup.exe
c:\program files\installshield installation information\{3d173dc5-4ae5-4b3f-9819-3977dd11b1d0}\setup.exe
c:\program files\installshield installation information\{5c5ee8f2-0b38-4c13-ae4e-a87a237fe718}\setup.exe
c:\program files\installshield installation information\{68a69cff-130d-4cde-ab0e-7374ecb144c8}\setup.exe
c:\program files\installshield installation information\{6b1f20f2-6321-4669-a58c-33df8e7517ff}\setup.exe
c:\program files\installshield installation information\{6fa8ba2c-052b-4072-b8e2-2302c268be9e}\setup.exe
c:\program files\installshield installation information\{b25563a0-41f4-4a81-a6c1-6dbc0911b1f3}\setup.exe
c:\program files\installshield installation information\{b2c4a8c4-aa20-425d-9fee-c78039238c81}\setup.exe
c:\program files\installshield installation information\{b34b6e67-fcdd-4e03-8742-b5701427fafb}\setup.exe
c:\program files\installshield installation information\{bbbcae4b-b416-4182-a6f2-438180894a81}\setup.exe
c:\program files\installshield installation information\{cb8a8696-93ec-414e-a752-850ab133f68a}\setup.exe
c:\program files\installshield installation information\{ce2121c6-c94d-4a73-8ea4-6943f33ee335}\setup.exe
c:\program files\installshield installation information\{d5068583-d569-468b-9755-5fbf5848f46f}\setup.exe
c:\program files\installshield installation information\{fd72e69e-cf34-4071-bfd6-fd081a365e2c}\setup.exe
c:\program files\installshield installation information\{fe697886-f392-4e0d-a0c0-47587bf60992}\setup.exe
c:\program files\real\realplayer\rpbrowserrecordplugin.dll
c:\program files\sony\isb utility\isbmgr.exe
c:\program files\sony\vaio my memory center\vaio mymemcenter.exe
c:\program files\sony\vaio survey\vaio sat survey.exe
c:\users\scott\appdata\local\microsoft\windows\temporary internet files\content.ie5\p92isqjw\firefox%20setup%203.0.5[1].exe
c:\users\scott\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\aleuspuk\firefox%20setup%203.0.5[1].exe
c:\windows\system32\drivers\arcsoftksufilter.sys
c:\windows\system32\drivers\djsvs.sys
c:\windows\system32\drivers\netw5v32.sys
c:\windows\system32\drivers\pxhelp20.sys
c:\windows\system32\drivers\ql2300.sys
c:\windows\system32\drivers\swmsflt.sys
c:\windows\system32\drivers\swnc8u80.sys
c:\windows\system32\drivers\uliahci.sys
c:\windows\system32\oobefldr.dll
c:\windows\system32\pcasvc.dll
c:\windows\system32\pctindis5.sys


Suspicious file(s) details:

+-------------------------------------------------------------------
|c:\ddi\aolicon.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
Windows Services:
Command Line = c:\windows\system32\msiexec /v
Display Name = windows installer
Service Name = msiserver
Startup Type = demand_start
State = stopped
Windows Services:
Command Line =
Display Name = stopped
Service Name = vaio entertainment tv device arbitration servicevaio entertainment tv device arbitration service
Startup Type = [cache]"c:\program files\common files\sony shared\vaio entertainment platform\vzhardwareresourcemanager\vzhardwareresourcemanager\vzhardwareresourcemanager.exe"
State = demand_start

Score:
Autostart Count = 2
Process Count = 1
File Version Count = 1 of 7

File Versions:
Product = no_data
Product Version = no_data
Company = no_data
Description = no_data
Original Filename = no_data
File Version Label = no_data
File Version Number = 0.0.0.0
MD5 Digest = 0x133e5f492fe58f893993e0f34fc7b904
SHA-1 Digest = 0xc6bfcb85d64997f2cb9d4dbd255f53e67247eba8
CRC32 Digest = 0x78ebfb06
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\common files\sony shared\avlib\mscsptisrv.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\mscsptisrv
imagepath = "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
Windows Services:
Command Line = "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
Display Name = mscsptisrv
Service Name = mscsptisrv
Startup Type = demand_start
State = stopped

Score:
Autostart Count = 2
File Version Count = 6 of 7

File Versions:
Product = mscsptisrv module
Product Version = 5.1.00.05200
Company = sony corporation
Description = mscsptisrv module
Original Filename = no_data
File Version Label = 5.1.00.05200
File Version Number = 5.1.0.5200
MD5 Digest = 0xa99d2c7e30ad63ef920a894131caf5f7
SHA-1 Digest = 0x902c9bed3626cabaca1abd0f9ef5503cdfee87eb
CRC32 Digest = 0x78cc9cd9
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\common files\sony shared\avlib\pacsptisvr.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pacsptisvr
imagepath = "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
Windows Services:
Command Line = "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
Display Name = pacsptisvr
Service Name = pacsptisvr
Startup Type = demand_start
State = stopped

Score:
Autostart Count = 2
File Version Count = 6 of 7

File Versions:
Product = pacsptisvr module
Product Version = 5.1.00.05200
Company = sony corporation
Description = pacsptisvr module
Original Filename = no_data
File Version Label = 5.1.00.05200
File Version Number = 5.1.0.5200
MD5 Digest = 0x41c33fb4fd929fed732a00d2daef5be0
SHA-1 Digest = 0xbc61260a405ff12e86a409608bdc29c5055e34a3
CRC32 Digest = 0xe189d9b4
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{01fdc9fc-4d4f-4db0-acd1-d3e8e1d52902}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{36c41d70-56f5-4e2b-81da-6beb7502d7a1}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{3d173dc5-4ae5-4b3f-9819-3977dd11b1d0}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{5c5ee8f2-0b38-4c13-ae4e-a87a237fe718}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{68a69cff-130d-4cde-ab0e-7374ecb144c8}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{6b1f20f2-6321-4669-a58c-33df8e7517ff}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{6fa8ba2c-052b-4072-b8e2-2302c268be9e}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b25563a0-41f4-4a81-a6c1-6dbc0911b1f3}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b2c4a8c4-aa20-425d-9fee-c78039238c81}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{b34b6e67-fcdd-4e03-8742-b5701427fafb}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{bbbcae4b-b416-4182-a6f2-438180894a81}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{cb8a8696-93ec-414e-a752-850ab133f68a}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{ce2121c6-c94d-4a73-8ea4-6943f33ee335}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{d5068583-d569-468b-9755-5fbf5848f46f}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{fd72e69e-cf34-4071-bfd6-fd081a365e2c}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\installshield installation information\{fe697886-f392-4e0d-a0c0-47587bf60992}\setup.exe
+-------------------------------------------------------------------

Caught by rule: @Zdupcrc

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = installshield
Product Version = 12.0
Company = macrovision corporation
Description = setup.exe
Original Filename = setup.exe
File Version Label = 12.0.58855
File Version Number = 12.0.0.58855
MD5 Digest = 0xa205551e7ba8580d2c0ff896a4d79fa9
SHA-1 Digest = 0x9ff246b43b25422db7f6e48a649039b60f0456d6
CRC32 Digest = 0x59aa62d5
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\real\realplayer\rpbrowserrecordplugin.dll
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
browser helper objects
hkey_classes_root\clsid\{3049c3e9-b461-4bc5-8870-4c09146192ca}\inprocserver32
(default) = c:\program files\real\realplayer\rpbrowserrecordplugin.dll

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = no_data
Product Version = 1.0.1.85
Company = realplayer
Description = realplayer download and record plugin for internet explorer
Original Filename = rpbrowserrecordplugin.dll
File Version Label = 1.0.1.85
File Version Number = 1.0.1.85
MD5 Digest = 0xba0b225d8fda9b22f22f5816873eb9fe
SHA-1 Digest = 0xe7a2f8995169a47e376978c3e3568e3df2e62493
CRC32 Digest = 0x777276e9
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\sony\isb utility\isbmgr.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
isbmgr.exe = "c:\program files\sony\isb utility\isbmgr.exe"

Score:
Autostart Count = 1
Process Count = 1
File Version Count = 5 of 7

File Versions:
Product = isb utility
Product Version = 3.0.00
Company = sony corporation
Description = no_data
Original Filename = no_data
File Version Label = 3.0.00.04030
File Version Number = 3.0.0.4030
MD5 Digest = 0xc61dfed19704fa252702727efcff97c3
SHA-1 Digest = 0x4c7c4787b7bc7ef2cde379068ccfc90fca58e5c9
CRC32 Digest = 0x34e7d909
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\sony\vaio my memory center\vaio mymemcenter.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
vaiomymemcenter = "c:\program files\sony\vaio my memory center\vaio mymemcenter.exe" 1

Score:
Autostart Count = 1
File Version Count = 5 of 7

File Versions:
Product = no_data
Product Version = 0.0.0.0
Company = no_data
Description =
Original Filename = vaio mymemcenter.exe
File Version Label = 0.0.0.0
File Version Number = 0.0.0.0
MD5 Digest = 0x07b5ab2f18902ce328e38a8101cbd3f7
SHA-1 Digest = 0xfa16a7ac0ac470e3d716bcbd20f5c9500df9ff3c
CRC32 Digest = 0xa3e93b3c
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\program files\sony\vaio survey\vaio sat survey.exe
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry vectors
hkey_local_machine\software\microsoft\windows\currentversion\run
vaiosurvey = "c:\program files\sony\vaio survey\vaio sat survey.exe"

Score:
Autostart Count = 1
File Version Count = 5 of 7

File Versions:
Product = no_data
Product Version = 0.0.0.0
Company = no_data
Description =
Original Filename = vaio sat survey.exe
File Version Label = 0.0.0.0
File Version Number = 0.0.0.0
MD5 Digest = 0xe51449759ec41555a38689bd4f62ad76
SHA-1 Digest = 0x0c8509406cba9986aea77908fe4723b1323902a9
CRC32 Digest = 0x24886889
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\users\scott\appdata\local\microsoft\windows\temporary internet files\content.ie5\p92isqjw\firefox%20setup%203.0.5[1].exe
+-------------------------------------------------------------------

Caught by rule: @ZTemp_IE_File

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = firefox
Product Version = 4.42
Company = mozilla
Description = firefox
Original Filename = 7zs.sfx.exe
File Version Label = 4.42
File Version Number = 4.42.0.0
MD5 Digest = 0x0a5be69f96a0b8bcb5cc624489564717
SHA-1 Digest = 0xa3bc99e32fa07fc5db3d2dfcddbfdc05400ec3a0
CRC32 Digest = 0x7f44bd3d
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\users\scott\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\aleuspuk\firefox%20setup%203.0.5[1].exe
+-------------------------------------------------------------------

Caught by rule: @ZTemp_IE_File

Autostart:

Score:
This has file duplicate CRC
File Version Count = 7 of 7

File Versions:
Product = firefox
Product Version = 4.42
Company = mozilla
Description = firefox
Original Filename = 7zs.sfx.exe
File Version Label = 4.42
File Version Number = 4.42.0.0
MD5 Digest = 0x0a5be69f96a0b8bcb5cc624489564717
SHA-1 Digest = 0xa3bc99e32fa07fc5db3d2dfcddbfdc05400ec3a0
CRC32 Digest = 0x7f44bd3d
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\arcsoftksufilter.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\arcsoftksufilter
imagepath = system32\drivers\arcsoftksufilter.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = arcsoft magic-i visual effect
Product Version = 3.5.0.19
Company = arcsoft, inc.
Description = no_data
Original Filename = arcsoftksufilter.sys
File Version Label = 3.5.0.19
File Version Number = 3.5.0.19
MD5 Digest = 0x6b3ab8f67b37402a4174caa45002903e
SHA-1 Digest = 0x3ddec645dcb58f9fe2fa5cc6e630fb8654d2348f
CRC32 Digest = 0x5fcc0242
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\djsvs.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\aic78xx
imagepath = \systemroot\system32\drivers\djsvs.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = no_data
Product Version = 6.0.0.0
Company = adaptec, inc.
Description = adaptec ultra scsi miniport
Original Filename = djsvs.sys
File Version Label = 6.0.0.0
File Version Number = 6.0.0.0
MD5 Digest = 0xae1fdf7bf7bb6c6a70f67699d880592a
SHA-1 Digest = 0x22563f865bcce9c9b4fc8178fca77257ae3de898
CRC32 Digest = 0xa4969a65
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\netw5v32.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\netw5v32
imagepath = system32\drivers\netw5v32.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = intel® wireless wifi link adapter
Product Version = no_data
Company = intel corporation
Description = intel® wireless wifi link driver
Original Filename = netw5v32.sys
File Version Label = 12.0.0.73
File Version Number = 12.0.0.73
MD5 Digest = 0xe559ea9138c77b5d1fda8c558764a25f
SHA-1 Digest = 0x36398f4849500ba238aa828177ffc8c8033b1401
CRC32 Digest = 0xe54e86f7
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\pxhelp20.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pxhelp20
imagepath = system32\drivers\pxhelp20.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = pxhelp20
Product Version = no_data
Company = sonic solutions
Description = px engine device driver for windows 2000/xp
Original Filename = pxhelp20.sys
File Version Label = 3.00.83a
File Version Number = 3.0.83.0
MD5 Digest = 0x153d02480a0a2f45785522e814c634b6
SHA-1 Digest = 0x7e7c1acfb251e124bb77cf851465d9abc4e922fb
CRC32 Digest = 0x3819e7f1
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\ql2300.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\ql2300
imagepath = \systemroot\system32\drivers\ql2300.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = qlogic fibre channel stor miniport driver
Product Version = 9.1.4.5
Company = qlogic corporation
Description = qlogic fibre channel stor miniport driver
Original Filename = no_data
File Version Label = 9.1.4.5
File Version Number = 9.1.4.5
MD5 Digest = 0x0a6db55afb7820c99aa1f3a1d270f4f6
SHA-1 Digest = 0xb1655a5eca84fc27ef93e4b6db1b22e9f97f3c85
CRC32 Digest = 0xa7df889d
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\swmsflt.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\swmsflt
imagepath = \systemroot\system32\drivers\swmsflt.sys

Score:
Autostart Count = 1
File Version Count = 3 of 7

File Versions:
Product = no_data
Product Version = no_data
Company = no_data
Description = sierra wireless usb mass storage filter driver
Original Filename = no_data
File Version Label = v1.1.2.0
File Version Number = 1.1.2.0
MD5 Digest = 0x851681f7d3200e2a646c5ee4d4e9883d
SHA-1 Digest = 0xdccd72472d5b8b024fb20cf7c87776ce22ea2347
CRC32 Digest = 0x289a5c94
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\swnc8u80.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\swnc8u80
imagepath = system32\drivers\swnc8u80.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = no_data
Product Version = 1.0
Company = sierra wireless inc.
Description = sierra wireless ndis driver
Original Filename = swndsmux.sys
File Version Label = 2.2.0.0 built by: winddk
File Version Number = 2.2.0.0
MD5 Digest = 0xca27e8ce559a9c0acc4f9ea468acf414
SHA-1 Digest = 0xab700f014cdafd1102a753aa5b8a2e0e2f6f8b9e
CRC32 Digest = 0x37f56e66
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\drivers\uliahci.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\uliahci
imagepath = \systemroot\system32\drivers\uliahci.sys

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = uli sata controller driver
Product Version = 6.302
Company = uli electronics inc.
Description = uli sata controller driver
Original Filename = no_data
File Version Label = 6.302
File Version Number = 6.3.0.2
MD5 Digest = 0x9224bb254f591de4ca8d572a5f0d635c
SHA-1 Digest = 0x8d9657c259ab09d092e4b0b3ecb7b3f00a198d33
CRC32 Digest = 0xbdc8b2f6
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\oobefldr.dll
+-------------------------------------------------------------------

Caught by rule: @TROJ_VUNDO1

Autostart:
registry vectors
hkey_current_user\software\microsoft\windows\currentversion\run
windowswelcomecenter = rundll32.exe oobefldr.dll,showwelcomecenter

Score:
Autostart Count = 1
File Version Count = 7 of 7

File Versions:
Product = microsoft® windows® operating system
Product Version = 6.0.6001.18000
Company = microsoft corporation
Description = welcome center
Original Filename = oobefldr.dll.mui
File Version Label = 6.0.6001.18000 (longhorn_rtm.080118-1840)
File Version Number = 6.0.6001.18000
MD5 Digest = 0x83e4a5435b0fa6ad0166722621a04725
SHA-1 Digest = 0xa41934d97b53a8e71e25c9abe2aa619ccdabcdd7
CRC32 Digest = 0x48b1d434
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\pcasvc.dll
+-------------------------------------------------------------------

Caught by rule: @ZPossilbe_MAL

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pcasvc\parameters
servicedll = %systemroot%\system32\pcasvc.dll

Score:
Autostart Count = 1
File Version Count = 6 of 7

File Versions:
Product = microsoft® windows® operating system
Product Version = 6.0.6000.16386
Company = microsoft corporation
Description = program compatibility assistant service
Original Filename = no_data
File Version Label = 6.0.6000.16386 (vista_rtm.061101-2205)
File Version Number = 6.0.6001.18000
MD5 Digest = 0xc6276ad11f4bb49b58aa1ed88537f14a
SHA-1 Digest = 0x1b5e05d45bbceba49d46245926c1093b8c5f7486
CRC32 Digest = 0x083be4e3
Rootkit Property = normal

+-------------------------------------------------------------------
|c:\windows\system32\pctindis5.sys
+-------------------------------------------------------------------

Caught by rule: @ZPossible_RTKT

Autostart:
registry services
hkey_local_machine\system\currentcontrolset\services\pctindis5
imagepath = \??\c:\windows\system32\pctindis5.sys

Score:
Autostart Count = 1
File Version Count = 7 of 7

File Versions:
Product