PDA

View Full Version : so here'sa log


treelight
2014-12-20, 22:12
do I have to worry?

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20121113-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","S-1-5-21-1533950907-162137601-864722444-1000"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"

I've seen shadow copy and other spooky stuff.


thank you.
tashi
2014-12-21, 04:02
Hello treelight, :greeting:

That part of the log shows System Diagnostics and Microsoft files.



I've seen shadow copy and other spooky stuff.


Volume Shadow Copy Service
http://technet.microsoft.com/en-us/library/ee923636%28v=ws.10%29.aspx

:)

How is the computer running, any issues?
treelight
2014-12-21, 16:00
Thanks for the looksee. Actually the last time I rebooted I got a c drive needs to be checked
and the system went through a three stage process, the last stage took forever and $ISS files were
being rebuilt/written. The only way I could boot up was to go through the dialogue three times and within a
second hit any key and I got the regular reboot screen. That was the first reboot after the rootkit scan.

I already have back-ups being done automatically by MS back-up and restore, why the need for the shadow copies?

The thing that made think things might be amiss was the computer would be very quiet and then all of a sudden sound
as if it was grinding coffee. ughh I hate computers.
tashi
2014-12-21, 16:37
Hi treelight,

Please go to 'What The Tech', register and start a topic in their General Hardware (http://forums.whatthetech.com/index.php?showforum=126) forum.

Provide a link back to this thread please. :)

Best regards.
treelight
2014-12-21, 18:39
okay thanks Tashi, I've done what you asked.