Are these ok or malware?

2013-04-08, 05:25
Just ran deep root kit scan in Spybot 2 and came up with these results:

Type: File
Object: System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA
Location: C:\Windows\PLA\System\
Details: Unknown ADS

Type: File
Object: report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA
Location: C:\PerfLogs\System\Diagnostics\LAPTOP_20130307-000001\
Details: Unknown ADS

Type: File
Location: C:\OEM\Preload\Autorun\APP\
Details: Unknown ADS

I'm using Windows 7, AT&T U-Verse, via password protected wireless connection to laptop. Internet speed is very slow on my pc - download speed via speedtest.net 2-3 mbs, but download speed on other computer is 16-17 mbs. Other scans coming up clean, which is why I ran the root kit deep scan.

I tried researching these files, couldn't find anything online.

Thanks for any help.

2013-04-15, 18:05

Those are not rootkits.
Just some diagnostic files.

If you get ‘No admin in ACL’, these threads in our forum should help explain it:
Unknown ADS and no Admin in ACL what is good and what is bad??? (http://forums.spybot.info/showthread.php?t=27446)
Unknown ADS (http://forums.spybot.info/showthread.php?t=68086)

Malware sometimes uses rootkit technology to hide itself at system level.
This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff; it does not identify just bad stuff.

The deletion is final and cannot be recovered through the Quarantine.
If you still want to remove the found items, it is strongly recommended to create a system restore point (http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions) before doing that.

Best regards
Team Spybot
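
Added example, not part of the original thread and not Spybot's own tooling: a PowerShell function that lists the NTFS alternate data streams (the "Unknown ADS" items) under the folders named in the scan report, with each stream's size and first bytes, so the flagged items can be inspected before any deletion. It assumes PowerShell 3.0 or later and an elevated prompt; the function name `Get-AlternateStream` and the 64-byte preview are illustrative choices.

```powershell
# Folders taken from the scan report in the first post.
$reported = @(
    'C:\Windows\PLA\System',
    'C:\PerfLogs\System\Diagnostics\LAPTOP_20130307-000001',
    'C:\OEM\Preload\Autorun\APP'
)

# Hypothetical helper name; read-only, it changes nothing on disk.
function Get-AlternateStream {
    param(
        [string[]]$Path,
        [int]$PreviewBytes = 64
    )
    # Windows PowerShell reads raw bytes with -Encoding Byte, PowerShell 6+ with -AsByteStream.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $byteArg = @{ AsByteStream = $true }
    } else {
        $byteArg = @{ Encoding = 'Byte' }
    }
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # folder absent on this machine
        $files = Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            # ':$DATA' is the normal file content; every other name is an alternate stream.
            $streams = Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' }
            foreach ($s in $streams) {
                $bytes = Get-Content -LiteralPath $file.FullName -Stream $s.Stream `
                    -TotalCount $PreviewBytes -ErrorAction SilentlyContinue @byteArg
                $hex = ''
                if ($bytes) {
                    $hex = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
                }
                [pscustomobject]@{
                    File       = $file.FullName
                    Stream     = $s.Stream
                    Length     = $s.Length
                    FirstBytes = $hex
                }
            }
        }
    }
}

Get-AlternateStream -Path $reported | Format-List
```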