Thread: Rootkit Deepscan results - help needed

  1. #1
    Junior Member
    Join Date
    Mar 2015
    Posts
    6

    Rootkit Deepscan results - help needed

    Hello

    I ran a deep rootalyzer scan on my gf's computer, and here are the results:

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Users\lufugo82\SkyDrive:ms-properties:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R2ZNW28:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R522YZ7:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R9BTG8H:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RBQ02YA:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RBVG2LR:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RCIO2FA:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RDZXOFF:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$REUHS62:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RIL0NWU:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RILWPUU:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RKRIM8P:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RL2V3NY:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RM7WX3Z:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RN40EI4:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RORB6A4:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RPDX3EB:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RPISEIW:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RQFIN2H:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RRZWD1R:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RTVSA6K:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RU7U2VF:ms-properties:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Jpn\","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"


    Should I be worried about any of these? This is all very mysterious to me so any help would be greatly appreciated!

    Thank you

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello eltopo,

    As presented those entries don't raise a flag.

    Is there a particular reason you ran a rootkit scan?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Mar 2015
    Posts
    6

    Hi Tashi

    Thanks for replying - this computer is acting very very slow, during startup and during normal use, including when starting a new application. I have done all the basic checks (unnecessary programs, disk space, malware/viruses, defrag, etc). I don't think it's the RAM since the laptop was running fine when it was new, about a year ago. So before going for the nuclear option of reinstalling Windows I thought I'd check for rootkits...

    Thanks for your help!

  4. #4
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello eltopo,

    Originally posted by eltopo:
    "this computer is acting very very slow, during startup and during normal use, including when starting a new application. I have done all the basic checks (unnecessary programs, disk space, malware/viruses, defrag, etc). I don't think it's the RAM since the laptop was running fine when it was new, about a year ago. So before going for the nuclear option of reinstalling Windows I thought I'd check for rootkits..."

    It might be best for someone to take a look at the system to either rule out an infection or clean one up.

    Please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

    Best regards.

  5. #5
    Junior Member
    Join Date
    Mar 2015
    Posts
    6

    OK, thanks a lot for your help Tashi!
