Looking for help interpreting RootAlyzer results (12/23/2025)

avoidtheavoid

New member
Software Version: 117
Operating System: Windows 11 (64 bit)

Greetings,

I have no idea what I'm looking at here; can someone help me interpret the results of my scan with the Deep Rootkit Scan?

I don't have any particular symptoms, I'm just trying to scan my device for regular maintenance and I don't really know what any of the terms mean or how this tool works. I have Spybot Free.

// info: Rootkit removal help file
// copyright: (c) 2008-2025 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\SettingSync\BackgroundUploadTask","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\EDP\EDP App Launch Task","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\EDP\EDP Auth Task","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\EDP\StorageCardEncryption Task","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\Chkdsk\SyspartRepair","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\WINDOWS\System32\Tasks_Migrated\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\System Volume Information","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Windows\System32\Tasks\Microsoft\Windows\Printing\PrinterCleanupTask","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"No admin in ACL","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Windows\System32\Tasks\Microsoft\Windows\Printing\PrintJobCleanupTask","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\apps.csg","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\apps.schema","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\appsconversions.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\appsglobals.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\appssynonyms.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\settings.csg","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\settings.schema","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\settingsconversions.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\settingsglobals.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
(cont. 1/3)
 
(cont, 2/3)
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{97563ef6-2ca3-4a61-b287-82e4e1ba2771}\settingssynonyms.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\apps.csg","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\apps.schema","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\appsconversions.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\appsglobals.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\appssynonyms.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\settings.csg","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\settings.schema","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\settingsconversions.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\settingsglobals.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{63ca1c38-b715-47ff-90c0-15a49b9c20fc}\settingssynonyms.txt","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Users\WDAGUtilityAccount\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\AIO8ZIH7\microsoftwindows.client[1].xml","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_MicrosoftEdgeUpd_bb916d2d34e6d85df2bd459eb8653b6ea63ee23_00000000_e6519da1-092d-45b3-9f47-3936c2cfc3d7\Report.wer","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.22621.4249_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.22621.4249_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.22621.4249_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.22621.4249_neutral_neutral_cw5n1h2txyewy\S-1-5-21-2047949552-857980807-821054962-504.pckgdep","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.22621.6133_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.22621.6133_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.22621.6133_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.22621.6133_neutral_neutral_cw5n1h2txyewy\S-1-5-21-2047949552-857980807-821054962-504.pckgdep","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat","md5=d41d8cd98f00b204e9800998ecf8427e"
 
(cont, 3/3)
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy\S-1-5-21-2047949552-857980807-821054962-504.pckgdep","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Invisible to Win32","C:\Windows.old\ProgramData\Microsoft\Windows\Containers\BaseImages\f795c51e-3b92-41b3-8cfa-f39ebbc92c48\BaseLayer\Files\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft\Diagnosis\ETLLogs\DlTel-Merge.etl:$ETLUNIQUECVDATA:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft\Diagnosis\ETLLogs\DlTel-Merge00001.etl:$ETLUNIQUECVDATA:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Windows.old\ProgramData\Microsoft\Diagnosis\ETLLogs\DlTel-Merge00002.etl:$ETLUNIQUECVDATA:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Users\user\Documents\Installs\new installs 2025\3D Viewer Installer.exe:SmartScreen:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Users\user\Documents\Installs\new installs 2025\Paint Installer.exe:SmartScreen:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Users\user\Documents\AAA - My Personal Documents\Installs\Firefox Installer.exe:SmartScreen:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
File:"Unknown ADS","C:\Users\Merlin\Downloads\SpotifySetup.exe:SmartScreen:$DATA","md5=d41d8cd98f00b204e9800998ecf8427e"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU\","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU\","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU\","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU\","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{1D278EEF-5C38-4F2A-8C7D-D5C13B662567}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{2eb6d15c-5239-41cf-82fb-353d20b816cf}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{37096FBE-2F09-4FF6-8507-C6E4E1179839}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{76db1bf3-e820-4765-a1b2-0b16a86b1950}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID\","{7E55A26D-EF95-4A45-9F55-21E52ADF9878}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{1D278EEF-5C38-4F2A-8C7D-D5C13B662567}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{2eb6d15c-5239-41cf-82fb-353d20b816cf}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{37096FBE-2F09-4FF6-8507-C6E4E1179839}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{76db1bf3-e820-4765-a1b2-0b16a86b1950}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID\","{7E55A26D-EF95-4A45-9F55-21E52ADF9878}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{1D278EEF-5C38-4F2A-8C7D-D5C13B662567}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{2eb6d15c-5239-41cf-82fb-353d20b816cf}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{37096FBE-2F09-4FF6-8507-C6E4E1179839}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{76db1bf3-e820-4765-a1b2-0b16a86b1950}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID\","{7E55A26D-EF95-4A45-9F55-21E52ADF9878}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\","MsSense.exe"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\","HashVersion"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\","ProvidersMigration"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","Av"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","Fw"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","SecurityApp"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\","WebProtection"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
 
Oh, by the way, the OP thread message had a field for "software version", but it wouldn't allow me to format the version correctly because it wouldn't allow periods.

I'm using Spybot Search & Destroy Free v. 2.9.82.0, Rootkit Scanner v. 2.9.82.117
 
Hello avoidtheavoid,

The RootAlyzer is an analyst tool and not a scan and fix program. In general, items found by the RootAlyzer are not necessarily malicious.

Sometimes even legitimate software uses rootkit technologies.

How is the computer running? :)

Regards,

tashi
 