
YA- check my rootalyzer log? Got a weird memory error/glitch, have log results



jasong222
2017-10-27, 05:52
Hey-

I did check Uknown ADS - Do I need to worry about JPEGs and PDFs? and Uknown ADS - Do I need to worry about JPEGs and PDFs? but they didn't seem helpful to me (sorry, I'm pretty tech literate, but still 'user' level, not a dev or IT admin or anything.)

I got a weird error while online pic here:

[attached image 12964]

Have never seen that error before. Newest program(s) are Brother laser printer drivers and software a couple days ago, subscribed to Spybot pro a day or so after that, and then a vpn app a couple weeks ago. PC has been acting a little suspicious since then, tbh. Nothing obvious, subtle 'probably nothing' type things. This error would be the most suspicious. Win 10/64.

So here's my log:


// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\J\AppData\Local\VirtualStore\Program Files (x86)\Belarc\BelarcAdvisor:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\Office\Data:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Avira\Launcher\apps\icons:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\GnuPG:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Gpg4win:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Malwarebytes' Anti-Malware:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\MultiExtractor:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\RichCopy 4.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Whonix for Windows:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windscribe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\WinSCP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office16:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\GRETECH\GomPlayer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dropbox\Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\resources\1033:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Brother\Brmfl14c:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Belarc\BelarcAdvisor:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Avira\Antivirus:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Avira\Launcher:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Avira\VPN:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ASUS\RT-N66R Wireless Router Utilities:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\adbLink\adbLink:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\DellTPad:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Eraser:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\OpenVPN:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Sync Framework\2.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Macrium\Reflect:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"


Any thoughts?

Thanks!

tashi
2017-10-27, 06:18
Hello jasong222,

I haven't seen that error before, you might want to contact support (https://www.safer-networking.org/support/ticket/technical/) to ask about it. :)

The RootAlyzer is an analyst tool, it is not a scan and fix program like the System or File Scan. Sometimes even legitimate software uses rootkit technologies.

The log isn't waving a flag, have any of your security programs flagged malware?

Best regards.
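
Added example (not part of the original thread and not Safer-Networking code): a small Python parser for the RootAlyzer result lines posted above. It tallies findings by type and by stream name, so a uniform pattern such as the same stream name on every entry stands out during triage. The line format is inferred only from the log as posted, and the function names are hypothetical.

```python
import csv
from collections import Counter

# Constructed sample: five result lines copied from the log posted in this thread.
SAMPLE = r'''File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\WinSCP:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\Office\Data:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
'''

def parse_line(line):
    """Return (kind, finding, fields) for a result line, None for headers/comments."""
    kind, sep, rest = line.strip().partition(":")
    if not sep or kind not in ("File", "RegyKey"):
        return None
    fields = next(csv.reader([rest]), [])  # quoted, comma-separated fields
    return (kind, fields[0], fields[1:]) if len(fields) >= 2 else None

def split_ads(target):
    """Split 'path:stream:$TYPE' from the right so the drive-letter colon survives."""
    parts = target.rsplit(":", 2)
    if len(parts) == 3 and parts[2].startswith("$"):
        return tuple(parts)
    return target, None, None  # no alternate data stream suffix present

def summarize(log_text):
    """Count findings by (kind, label), count ADS stream names, list registry paths."""
    findings, streams, reg_paths = Counter(), Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, finding, fields = parsed
        findings[(kind, finding)] += 1
        if kind == "File":
            streams[split_ads(fields[0])[1]] += 1
        else:
            # fields are: hive, key path (leading backslash), entry name
            reg_paths.append(fields[0] + "\\".join(fields[1:]))
    return findings, streams, reg_paths

if __name__ == "__main__":
    findings, streams, reg_paths = summarize(SAMPLE)
    print("findings:", dict(findings))
    print("stream names:", dict(streams))
    print("registry entries:", *reg_paths, sep="\n  ")
```
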

jasong222
2017-10-29, 05:46
Hey Tashi- Thanks for the reply. I will check out your support link, lol, thanks... But I don't think it's a spybot thing.... just a weird computer thing.

I understand the RootAlyzer is an analyst tool.... that's why I posted the logs before 'fixing' any of the errors.

Glad to see the log doesn't raise any flags... that's mainly why I'm here. No- none of my other programs showed anything unusual.

But I reinstalled the system anyway (hence the delay in my reply). And I have a suspect as to the culprit, but I'll do a backup/save point before I put that specific driver back in again.

Mainly- among all the spybot scans I've ever run- I'd never come across any of the results that this particular scan showed.

Anyway, thanks for your help-

-J

jasong222
2017-10-29, 05:48
Actually, Tashi,


That link you gave me is turning up 'HTTP ERROR 500'

Do you have another?

tashi
2017-10-29, 06:39
Hello jasong222,

The home site appears to be down at the moment, I am not certain but if so they may already be on it.

I will let the team know. :)

Best regards.

tashi
2017-10-29, 14:51
Hello jasong222,

The link (https://www.safer-networking.org/support/ticket/technical/) is working now. :)