Flummoxd
2014-03-23, 23:35
Was recommended to use S&D, so installed the free home version: 2.2.21.0. Thanks Guys!
Running Windows 8.1; fully patched. Other security S/W is Windows Defender and Malwarebytes (scan on demand).
Ran deep scan for rootkits. Got multiple red and amber flags. Stopped Windows Restore and deleted all restore points. Deleted the flagged items as suggested. Rebooted and reran the rootkit scan and the flags came back again. Herewith the S&D log:
// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Pictures:ms-properties:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Kor\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Cht\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMESC\","DUState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMEJP\DictionaryUpdate\","DUState"
All suggestions welcome, please.
(Novice User!)
Thanks!
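A small parser and triage helper for the RootAlyzer result lines quoted above, added here as an example (not Safer-Networking's code and not part of the original post). It splits each "File:" line into file path, stream name and stream type and each "RegyKey:" line into hive, key and value; the ALLOW set is a hypothetical analyst-maintained allowlist, not a vendor-published list.

```python
import re

# Constructed sample in the RootAlyzer result format shown in the post
# (values copied from the post's log; not a complete scan).
SAMPLE_LOG = r'''// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Pictures:ms-properties:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
'''

FIELD_RE = re.compile(r'"([^"]*)"')  # the quoted fields after the record type

def parse_line(line):
    """Turn one 'Type:"f1","f2",...' line into a dict; None for comments/headers."""
    if not line or line.startswith(("//", "::")):
        return None
    kind, _, rest = line.partition(":")
    fields = FIELD_RE.findall(rest)
    if kind == "File" and len(fields) == 2:
        # An ADS path is <file>:<stream>:$DATA; rsplit keeps the drive colon in <file>.
        parts = fields[1].rsplit(":", 2)
        if len(parts) == 3:
            return {"kind": "ads", "reason": fields[0], "path": parts[0],
                    "stream": parts[1], "stream_type": parts[2]}
    if kind == "RegyKey" and len(fields) == 4:
        return {"kind": "reg", "reason": fields[0], "hive": fields[1],
                "key": fields[2].strip("\\"), "value": fields[3]}
    return {"kind": "other", "reason": kind, "raw": line}

def parse_log(text):
    return [r for r in (parse_line(l.strip()) for l in text.splitlines()) if r]

# Hypothetical analyst allowlist (kind, stream-or-hive, location prefix): places the
# analyst has reviewed and decided need no follow-up. Placeholder entries, not a vendor list.
ALLOW = {
    ("ads", "ms-properties", r"C:\$Recycle.Bin"),
    ("reg", "HKEY_LOCAL_MACHINE", r"SYSTEM\CurrentControlSet\Control\Nsi"),
}

def triage(records):
    """Split parsed records into (allowlisted, needs_review) using ALLOW."""
    ok, review = [], []
    for r in records:
        if r["kind"] == "ads":
            sel, loc = r["stream"], r["path"]
        else:
            sel, loc = r.get("hive"), r.get("key")
        hit = loc is not None and any(
            k == r["kind"] and sel == s and loc.startswith(p) for k, s, p in ALLOW)
        (ok if hit else review).append(r)
    return ok, review
```

Findings that land in needs_review are the ones worth a closer look; the same scan re-flagging the same allowlisted locations after a reboot is the expected outcome of this grouping, not new evidence.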