Root Anylizer, red and yellow flags etc... what does this mean and what should I do? [Archive]

View Full Version : Root Anylizer, red and yellow flags etc... what does this mean and what should I do?

frankooooo

2017-07-27, 16:01

// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\Shell\CreateObjectTask"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\BackgroundUploadTask"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft\Windows\DeviceMetadataStore:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\MSBuild:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109611090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20000000100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109831090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1BF4A48A307DBD84980E866B94D98210:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2D6F4B0BEA2FA1544969F6F2A698B723:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2DA216A277B7494489BD1F1FA1B4FF59:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\844C97FE649617D41843300487880C45:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\87824B78CE79BB646AFA3D705666CB86:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Public\Your iPage Order Confirmation - owner :ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Pictures\walmart.png:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\1996 Chevy Lumina 4 door V.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Gmail - Ford Spark Plug Settlement, Claim # AM10393507.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Medication Record Resident.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Photo by Walgreens _ Order Confirmation.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Photo by Walgreens _ Order Confirmation2.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\planer+downrigging.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\pws.txt:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\gary.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ10th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ5th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ8th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ9th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJandGums.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJandJessica.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJbirthdayparty.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\ajGobooks.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJgradeschoolage.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJnJessicaNGrandmaNgrandpa.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJwhatYear.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\cedarpoint.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess7thgradeHonors1.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess7thgradeHonors2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess8thgradehonor1.png.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess8thgradeHonors2.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\jessica10thgrade.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessicaXmasShow.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessNJustin.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessZoo.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JustinVisiting.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\LkStClairMid90s.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (10).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (10).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (11).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (12).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (13).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (14).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (15).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (16).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (17).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (18).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (19).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (2).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (20).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (21).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (22).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (23).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (24).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (25).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (26).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (27).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (28).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (29).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (3).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (30).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (31).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (32).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (33).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (34).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (35).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (36).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (37).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (38).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (39).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (4).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (4).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (40).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (41).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (42).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (43).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (44).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (45).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (46).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (47).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (48).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (49).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (5).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (5).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (50).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (51).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (52).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (53).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (54).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (55).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (56).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (57).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (58).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (59).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (6).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (6).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (60).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (61).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (62).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (63).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (64).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (65).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (66).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (67).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (68).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (69).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (7).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (7).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (8).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (8).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (9).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (9).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Roaming\Microsoft\IdentityCRL\production:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Local\VirtualStore\Program Files (x86)\Corel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Local\VirtualStore\Program Files (x86)\Corel\Corel PaintShop Pro X9:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\HP:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\HP Photo Creations:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\SupportAssist\Client:Win32App_1:$DATA"
File:"No admin in ACL","C:\ProgramData\Protexis64\27026335.sys"
File:"No admin in ACL","C:\ProgramData\Protexis64\B002E8B3B8.sys"
File:"No admin in ACL","C:\ProgramData\Protexis64\KGyGaAvL.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\27026335.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\B002E8B3B8.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\KGyGaAvL.sys"
File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\Windows\DeviceMetadataStore:Win32App_1:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\McAfee\Proxy\data"
File:"Unknown ADS","C:\ProgramData\Dell\QuickSet:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\CyberLink\CLDShowX.ini:Update.CL:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Corel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Backup and Recovery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Customer Connect:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Digital Delivery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Wireless:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ImgBurn:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio 8:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\MSBuild:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Wyse\PocketCloud:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Wyse\PocketCloud\en-US:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Contacts:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Works\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio\COMMON\IDE\IDE98:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.1:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1036:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\3082:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033\GrooveForms5\FormsStyles:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\McAfee\SiteAdvisor:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LG Electronics\LG Mobile Driver:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LG Electronics\LG United Mobile Drivers:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel Control Center:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\HP Software Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\IrisOCR_12.3.4.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\IrisOCR_12.3.7.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\HP Officejet 5740 series\bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\Common\HPDestPlgIn:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Framework:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Wireless\Bluetooth Suite:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell\SupportAssistAgent:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell\SupportAssistAgent\bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Power2Go8:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDirector10:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD10:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\BIL:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\Resources\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\SFPCA Cache:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Groove.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\InfoPath.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.WW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Brother\PE-DESIGN 8 (Trial Version):Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\McAfee:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Zune:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Zune\en-US:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50907.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\HP\HP Officejet 5740 series:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\HP\HP Officejet 5740 series\Bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\DellDataVault:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\QuickSet:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SARemediation:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SupportAssist:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SupportAssistAgent:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\QuickSet\help:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Jpn","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

tashi

2017-07-27, 20:41

Hello frankooooo,

The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.

As the log isn't waving a flag could you tell me how the computer is running, was there a particular reason for running a rootkit scan? :)

Best regards.

frankooooo

2017-07-28, 17:10

Thanks for your response. I only suspect that there may be too many tracking or malware type stuff going on in my laptop Windows 10, considering the way things are these days... and my wifi video streaming stuff seems to be slower than it should be from this laptop.... the items with the red flags gives me the impression that they are bad?

tashi

2017-07-28, 17:33

Hello frankooooo,

the items with the red flags gives me the impression that they are bad?

Could you copy and paste only the red flag items here please.

Also please list all security software installed. :)

Best regards.

frankooooo

2017-08-16, 20:48

Hello frankooooo,

Could you copy and paste only the red flag items here please.

Also please list all security software installed. :)

Best regards.

sorry for not responding sooner...

// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\Shell\CreateObjectTask"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\BackgroundUploadTask"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft\Windows\DeviceMetadataStore:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\MSBuild:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109611090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20000000100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109831090400000000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1BF4A48A307DBD84980E866B94D98210:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2D6F4B0BEA2FA1544969F6F2A698B723:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2DA216A277B7494489BD1F1FA1B4FF59:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\844C97FE649617D41843300487880C45:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\87824B78CE79BB646AFA3D705666CB86:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Public\Your iPage Order Confirmation - fjamedurejr@gmail.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Pictures\walmart.png:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\1996 Chevy Lumina 4 door V.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Gmail - Ford Spark Plug Settlement, Claim # AM10393507.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Medication Record Resident.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Photo by Walgreens _ Order Confirmation.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\Photo by Walgreens _ Order Confirmation2.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\planer+downrigging.docx:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\SkyDrive\Documents\pws.txt:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\gary.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ10th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ5th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ8th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJ9th.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJandGums.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJandJessica.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJbirthdayparty.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\ajGobooks.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJgradeschoolage.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJnJessicaNGrandmaNgrandpa.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\AJwhatYear.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\cedarpoint.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess7thgradeHonors1.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess7thgradeHonors2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess8thgradehonor1.png.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\Jess8thgradeHonors2.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\jessica10thgrade.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessicaXmasShow.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessNJustin.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JessZoo.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\JustinVisiting.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Pictures\oldfampics\LkStClairMid90s.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (10).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (10).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (11).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (12).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (13).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (14).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (15).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (16).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (17).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (18).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (19).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (2).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (20).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (21).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (22).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (23).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (24).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (25).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (26).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (27).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (28).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (29).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (3).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (30).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (31).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (32).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (33).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (34).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (35).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (36).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (37).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (38).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (39).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (4).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (4).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (40).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (41).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (42).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (43).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (44).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (45).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (46).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (47).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (48).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (49).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (5).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (5).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (50).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (51).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (52).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (53).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (54).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (55).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (56).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (57).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (58).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (59).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (6).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (6).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (60).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (61).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (62).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (63).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (64).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (65).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (66).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (67).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (68).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (69).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (7).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (7).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (8).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (8).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (9).jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image (9).png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Image.png:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Roaming\Microsoft\IdentityCRL\production:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Local\VirtualStore\Program Files (x86)\Corel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Frank\AppData\Local\VirtualStore\Program Files (x86)\Corel\Corel PaintShop Pro X9:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\HP:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\HP Photo Creations:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\SupportAssist\Client:Win32App_1:$DATA"
File:"No admin in ACL","C:\ProgramData\Protexis64\27026335.sys"
File:"No admin in ACL","C:\ProgramData\Protexis64\B002E8B3B8.sys"
File:"No admin in ACL","C:\ProgramData\Protexis64\KGyGaAvL.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\27026335.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\B002E8B3B8.sys"
File:"No admin in ACL","C:\ProgramData\Protexis\KGyGaAvL.sys"
File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\Windows\DeviceMetadataStore:Win32App_1:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\McAfee\Proxy\data"
File:"Unknown ADS","C:\ProgramData\Dell\QuickSet:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\CyberLink\CLDShowX.ini:Update.CL:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Corel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Backup and Recovery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Customer Connect:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Digital Delivery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Wireless:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ImgBurn:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio 8:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\MSBuild:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Wyse\PocketCloud:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Wyse\PocketCloud\en-US:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Contacts:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Works\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio\COMMON\IDE\IDE98:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.1:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1036:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\3082:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033\GrooveForms5\FormsStyles:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\McAfee\SiteAdvisor:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LG Electronics\LG Mobile Driver:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\LG Electronics\LG United Mobile Drivers:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel Control Center:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\HP Software Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\IrisOCR_12.3.4.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\IrisOCR_12.3.7.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\HP Officejet 5740 series\bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\Common\HPDestPlgIn:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Framework:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Wireless\Bluetooth Suite:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell\SupportAssistAgent:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dell\SupportAssistAgent\bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Power2Go8:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDirector10:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD10:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\BIL:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\Resources\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\SFPCA Cache:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Groove.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\InfoPath.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.WW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Brother\PE-DESIGN 8 (Trial Version):Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\McAfee:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Zune:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Zune\en-US:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50907.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\HP\HP Officejet 5740 series:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\HP\HP Officejet 5740 series\Bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\DellDataVault:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\QuickSet:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SARemediation:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SupportAssist:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\SupportAssistAgent:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Dell\QuickSet\help:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Jpn","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

tashi

2017-08-17, 03:02

Hello frankooooo,

I am not seeing anything, sometimes even legitimate software uses rootkit technologies.

Also please list all security software installed. :)

and my wifi video streaming stuff seems to be slower than it should be from this laptop....

Is that a new issue? Windows 10 can eat resources.

Articles that may be of interest, there are lots of others.

http://www.computerworld.com/article/3025709/microsoft-windows/windows-10-quick-tips-how-to-protect-your-privacy.html

http://www.pcworld.com/article/3095284/windows/windows-10-upgrade-dont-use-express-settings-if-you-value-your-privacy.html

Some users are using programs like Spybot Anti Beacon, long thread here (https://forums.spybot.info/showthread.php?72686-Spybot-Anti-Beacon-for-Windows-10)

Best regards.

frankooooo

2017-08-18, 16:59

Hello frankooooo,

I am not seeing anything, sometimes even legitimate software uses rootkit technologies.

Is that a new issue? Windows 10 can eat resources.

Articles that may be of interest, there are lots of others.

http://www.computerworld.com/article/3025709/microsoft-windows/windows-10-quick-tips-how-to-protect-your-privacy.html

http://www.pcworld.com/article/3095284/windows/windows-10-upgrade-dont-use-express-settings-if-you-value-your-privacy.html

Some users are using programs like Spybot Anti Beacon, long thread here (https://forums.spybot.info/showthread.php?72686-Spybot-Anti-Beacon-for-Windows-10)

Best regards.

Thanks for letting me know.