
Thread: Help ... Help ... Help ... Help ... Need Some Help Interpreting RootAlyzer Results !!

  1. #1
    Junior Member (Join Date: May 2008; Posts: 8)

    Please reply.

    Thanks in advance!

    I am running Windows XP, SP 2 on a Pentium D Machine.


    I have run two different versions of RootAlyzer and would appreciate your help in determining what it is that I've got here. Neither of the two versions showed anything in the quick scan. Both showed several results in the deep scan. I question some of the results from the 0.1.4 version which were apparently whitelisted in the 0.2 version, as some of them appear to be related to files which appear in the log results of the newer version.

    Anyhow - here are the results from the 0.1.4 version:

    :: RootAlyzer Results
    File:"Unknown ADS","C:\RECYCLER\S-1-5-21-996095204-604344382-1343081832-1008\Dc85.pf:SummaryInformation:$DATA"
    File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc333.exe:SummaryInformation:$DATA"
    File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc336.exe:SummaryInformation:$DATA"
    File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
    File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    Directory:"No admin in ACL","C:\System Volume Information"
    Directory:"No admin in ACL","C:\USERDATA"
    Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"

    Here are the results from the 0.2 version:

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
    File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    Directory:"No admin in ACL","C:\USERDATA"
    Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"

    A couple of the files appear to possibly be related to fax and phone.
    I'm not so sure.

    I'm also not so sure what the "C:\USERDATA" file is about,
    or the "All Users\Application Data\TEMP:DFC5A2B2:$DATA" file.

    Do you know what the numeric sequence "1-5-21-996095204-604344382-1343081832" relates to?

    I ask because I found some entries in my User Rights Assignments which have this same numeric sequence - except with a -1003 and -1004 at the end.
    Do you have anyone who is adept at analyzing files of this type?
    PepiMK?



    Any and all help is greatly appreciated!

    Thanks again,

    LawrenceGH
    Last edited by LawrenceGH; 2008-05-09 at 01:53.
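
Added example, not part of the original post and not RootAlyzer's own code: a small Python parser for the two result logs above that lists what only the 0.1.4 scan reported, separates each NTFS alternate data stream (ADS) name from its host path, and groups the SIDs that appear in the paths. The numeric sequence asked about is a Windows security identifier (SID): `S-1-5-21-`, three numbers identifying the issuing machine or domain, then a relative ID (RID) for the account. The line format is inferred from the posted lines and the function names are hypothetical.

```python
import re

# Deep-scan results copied from the post: 0.1.4 first, then 0.2.
OLD = r'''File:"Unknown ADS","C:\RECYCLER\S-1-5-21-996095204-604344382-1343081832-1008\Dc85.pf:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc333.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc336.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\System Volume Information"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"'''
NEW = r'''File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"'''

LINE = re.compile(r'^(File|Directory):"([^"]+)","(.+)"$')  # format inferred from the post
SID = re.compile(r'S-1-5-21-(\d+-\d+-\d+)-(\d+)')  # machine/domain identifier, then RID

def parse(log):
    """Return a set of (object_type, finding, path, stream) tuples."""
    out = set()
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, finding, target = m.groups()
        path, stream = target, None
        if finding == "Unknown ADS":
            # NTFS stream syntax is path:stream:$DATA; split from the right
            # so the drive-letter colon stays with the path.
            path, stream, _ = target.rsplit(":", 2)
        out.add((kind, finding, path, stream))
    return out

def only_in_old(old, new):
    """Findings the older scan listed that the newer scan no longer lists."""
    return parse(old) - parse(new)

def sids(log):
    """Map each machine/domain identifier to the set of RIDs seen under it."""
    seen = {}
    for ident, rid in SID.findall(log):
        seen.setdefault(ident, set()).add(int(rid))
    return seen

if __name__ == "__main__":
    print("0.1.4 only:", *sorted(only_in_old(OLD, NEW), key=str), sep="\n  ")
    print("SIDs:", {k: sorted(v) for k, v in sids(OLD).items()})
```

On the posted logs this shows four findings that only 0.1.4 reported (the three `SummaryInformation` streams under `C:\RECYCLER` and `C:\System Volume Information`), and two different machine/domain identifiers in the paths, each with RID 1008.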
