so here's a log

2014-12-20, 22:12
Do I have to worry?

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20121113-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","S-1-5-21-1533950907-162137601-864722444-1000"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"

I've seen shadow copy and other spooky stuff.

Thank you.

2014-12-21, 04:02
Hello treelight,

That part of the log shows System Diagnostics and Microsoft files.

"I've seen shadow copy and other spooky stuff."

Volume Shadow Copy Service


How is the computer running, any issues?

2014-12-21, 16:00
Thanks for the looksee. Actually, the last time I rebooted I got a "C drive needs to be checked"
and the system went through a three-stage process; the last stage took forever and $ISS files were
being rebuilt/written. The only way I could boot up was to go through the dialogue three times and within a
second hit any key, and I got the regular reboot screen. That was the first reboot after the rootkit scan.

I already have back-ups being done automatically by MS back-up and restore, why the need for the shadow copies?

The thing that made me think things might be amiss was the computer would be very quiet and then all of a sudden sound
as if it was grinding coffee. Ughh, I hate computers.

2014-12-21, 16:37
Hi treelight,

Please go to 'What The Tech', register and start a topic in their General Hardware (http://forums.whatthetech.com/index.php?showforum=126) forum.

Provide a link back to this thread please. :)

Best regards.

2014-12-21, 18:39
Okay, thanks Tashi, I've done what you asked.