2014-05-20, 02:27
Hi, I need some help interpreting the results of a RootAlyzer scan. This is the first time I've used it and the scan has identified files and a registry key as possible malware.

File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Users\User\Pictures\PHONE Nok 2009-13 6303 Classic\2013-05-03 PHONE Nokia 6303 classic\PHONE Nokia 6303 classic 001.mp4:TOC.WMV:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140408-0011\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140301-0010\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140301-0009\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140213-0008\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20131220-0007\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"

I have fairly basic computer know-how and am not sure what to make of these results. I am particularly concerned about the Registry key, as this seems to be associated with Microsoft Security Center and is flagged red. I am not sure what most of the files refer to, apart from pictures downloaded from a mobile.

Help and advice appreciated.

2014-05-20, 09:23
Hello Palmer,

Those entries do not look bad, mostly diagnostic files.

How is your computer running? :)

Best regards.

2014-05-20, 22:15
Hello Tashi,

Thanks for your advice. My computer is glitchy and temperamental at the moment, which is why I ran the RootAlyzer. However, I think the behaviour is mainly due to a lack of RAM. It is fairly old and needs a memory boost.