
Thread: Rootkit Deep Scan Results

  1. #1
    Junior Member
    Join Date
    Dec 2014
    Posts
    16

    Rootkit Deep Scan Results - Anything bad?

    Hello, I have Avast Antivirus and Malwarebytes on my computer and do regular scans and have never had any infections before, even in scans as recently as today.

    A few days ago I downloaded a free program called "Any Video Converter" from download.cnet.com (prior to installing it, I scanned it using Avast and Malwarebytes, as well as the online scanner at virustotal.com). They all said it was clean.

    After installing that program, I ran scans again because I am paranoid, and they all still came back clean.

    However, it seems like ever since then my computer just seems to be slower than usual at most things. For example, when I open iTunes it takes a long time to open and then will often become non-responsive and I get impatient and close it. When searching for things in Chrome, it seems like the search results take a bit longer to populate also. Just random things like that. I'm not sure if there is a correlation with me installing that "Any Video Converter" program or not?

    So I downloaded Spybot after reading about adware and spyware that sometimes come in on free programs. Wanted to see if it would catch anything that Avast and Malwarebytes missed. The regular scan didn't show anything bad/in red, it was basically just a few usage tracks. Then I ran a Rootkit scan...

    So this is the full result of my Rootkit Deep Scan. I don't really know how to interpret it, hoping someone can tell me if anything looks bad. I did read that many things aren't necessarily malware, but I hope someone can take a look to be sure. Looks like a lot of them are pictures, but there are a few weird looking things, like "C:\Dellt! s". FYI, the E: drive is my Western Digital external hard drive that I have plugged in for backup (the software it uses is called "SmartWare" to automatically back things up)... it seems like a lot of the results are located on that E: drive.

    I'm using Windows 7 64-bit SP1, and Chrome as my browser (but I do have IE and Firefox also installed).

    Thanks for taking a look!

    :: RootAlyzer Results
    File:"Invisible to Win32","E:\Extras sandb"
    1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.paypalobjects.com\settings.sol"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.bb.contentdef.com\settings.sol"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i3.bb.contentdef.com\settings.sol"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5WJDHUEZ\i3.bb.contentdef.com\assets\common\swf\flowplayer.commercial.3.2.10.swf"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5WJDHUEZ\i3.bb.contentdef.com\assets\common\swf\flowplayer.commercial.3.2.10.swf\org.flowplayer.sol"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\group.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\id.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\krb.txt"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\g\o0ix4jipd532wjp4nlfmf502ppt24jbn1dxr0mpntl03zkcp1laaafba\id.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\g\o0ix4jipd532wjp4nlfmf502ppt24jbn1dxr0mpntl03zkcp1laaafba\quota.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\g\o0ix4jipd532wjp4nlfmf502ppt24jbn1dxr0mpntl03zkcp1laaafba\quota@4e98e1b0732c4e418f1fb79425a72859.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\g\o0ix4jipd532wjp4nlfmf502ppt24jbn1dxr0mpntl03zkcp1laaafba\used.dat"
    File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\Volume.6cdcb045.b4dd.11e1.9ee6.806e6f6e6963\avast! sandbox\S-1-5-21-3836965969-56342752-2157042032-1001\sfzone\C\Users\Owner\AppData\LocalLow\Microsoft\Silverlight\is\ogx0he3x.fa3\3nnn05jo.zob\1\g\o0ix4jipd532wjp4nlfmf502ppt24jbn1dxr0mpntl03zkcp1laaafba\used@6f77c70e71474964954fccb35cf46127.dat"
    File:"Invisible to Win32","C:\Dellt! s"
    File:"No admin in ACL","C:\System Recovery"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-1-19 Ice Storm\DSCN0820.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-1-19 Ice Storm\DSCN0824.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-1-19 Ice Storm\DSCN0825.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-1-19 Ice Storm\DSCN0839.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-1-19 Ice Storm\DSCN0840.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\088.MOV:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\096.MOV:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\101.MOV:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\118.MOV:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\204.MOV:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-06-30\001.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-06-25\064.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-04-20\075.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-04-20\077.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-03-22\445.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2012-03-22\446.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 003\MVI_4363.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 003\MVI_4364.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4366.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4368.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4369.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4370.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4371.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-09-05 001\MVI_4372.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2011-07-22\009.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 004\MVI_0388.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 004\MVI_0389.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 003\MVI_0383.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 003\MVI_0385.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 003\MVI_0386.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 002\MVI_0375.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 002\MVI_0376.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 002\MVI_0377.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 001\MVI_0371.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2010-08-29 001\MVI_0372.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Owner\Pictures\2009-09-24 001\Flicker Birds Clip.AVI:TOC.WMV:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    Last edited by Twirly; 2014-12-13 at 08:27.
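
As an added example (not part of the original thread and not Spybot's own code), one way to make a long RootAlyzer list readable is to group its lines by finding type, leading path components and alternate-data-stream name. The line format is taken from the post above; the function names and the shortened sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: paths shortened from the forms in the post, one line cut off.
SAMPLE = r'''
:: RootAlyzer Results
File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\avast! sandbox\sfzone\C\Users\Owner\id.dat"
File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\avast! sandbox\sfzone\C\Users\Owner\used.dat"
File:"Invisible to Win32","E:\WD SmartWare.swstor\Owner-PC\avast! sandbox\S-
File:"Unknown ADS","C:\Users\Owner\Pictures\2012-07-01\088.MOV:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Owner\Pictures\2012-06-30\001.AVI:TOC.WMV:$DATA"
File:"No admin in ACL","C:\System Recovery"
'''

# Kind:"reason","path"  (hypothetical names for the three fields)
LINE = re.compile(r'^(\w+):"([^"]*)","(.*)"$')
# <file>:<stream name>:$DATA, the NTFS alternate data stream notation
ADS = re.compile(r'^(?P<file>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+):\$DATA$')

def parse(text):
    """Return (entries, truncated): parsed findings and entry lines that were cut off."""
    entries, truncated = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('::'):   # blank line or section header
            continue
        m = LINE.match(line)
        if not m:                               # e.g. a path that ends mid-way
            truncated.append(line)
            continue
        kind, reason, path = m.groups()
        ads = ADS.match(path)
        stream = ads.group('stream') if ads else None
        if ads:
            path = ads.group('file')            # keep the host file, split off the stream
        entries.append((kind, reason, path, stream))
    return entries, truncated

def summarize(text, depth=2):
    """Count findings per (reason, first `depth` path components, ADS stream name)."""
    entries, _ = parse(text)
    return Counter((reason, '\\'.join(path.split('\\')[:depth]), stream)
                   for _, reason, path, stream in entries)

if __name__ == '__main__':
    for (reason, prefix, stream), n in summarize(SAMPLE).most_common():
        print(f'{n:3d}  {reason:<20} {prefix}' + (f'  stream={stream}' if stream else ''))
    print('cut-off lines:', len(parse(SAMPLE)[1]))
```

Grouped this way, a list like the one in the post reduces to a handful of clusters that can be reviewed one at a time, with cut-off lines reported separately instead of being silently dropped.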

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

    Hello Twirly,

    I don't see anything popping out but a rootkit scan will not show common malware.

    Originally Posted by Twirly
    However, it seems like ever since then my computer just seems to be slower than usual at most things. For example, when I open iTunes it takes a long time to open and then will often become non-responsive and I get impatient and close it. When searching for things in Chrome, it seems like the search results take a bit longer to populate also. Just random things like that. I'm not sure if there is a correlation with me installing that "Any Video Converter" program or not?
    If you have concerns please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2014
    Posts
    16

    Thank you very much for taking a look, Tashi!

    If I already have Avast and Malwarebytes installed and neither has shown an infection, should I still download and use "Farbar Recovery Scan Tool" and "aswMBR," as well as download the registry backup tool that is shown in the forum post you directed me to?

    I definitely will if you still suggest it, but I just was afraid to download more unknown (to me) programs if it might not be necessary since I already have those other two programs.

    Thank you again for your time and expertise!

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

    Hi Twirly,

    The preliminary tools used in the malware forum have been used safely by countless users but it is your choice to start a topic in there, or not.

    The link given was in response to your comment,

    Originally Posted by Twirly

    However, it seems like ever since then my computer just seems to be slower than usual at most things. For example, when I open iTunes it takes a long time to open and then will often become non-responsive and I get impatient and close it. When searching for things in Chrome, it seems like the search results take a bit longer to populate also. Just random things like that. I'm not sure if there is a correlation with me installing that "Any Video Converter" program or not?

    Originally Posted by tashi
    I don't see anything popping out but a rootkit scan will not show common malware.

    If you have concerns...
    Best regards.

  5. #5
    Junior Member
    Join Date
    Dec 2014
    Posts
    16

    I guess what I meant was, will these other virus/malware scanners that are suggested show anything different than what my Avast and Malwarebytes have already shown? Just curious if it is overkill or unnecessary to download those other programs and do scans if my Avast and MBAM have already shown my system to be clean.

    But I guess if they are showing it to be clean and things still seem slow on my computer, it wouldn't hurt to try those other scanners too? I just realized that's probably why you suggested those other programs.

    I will follow the instructions and get the logs.

    Thanks again.

  6. #6
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

    Hello Twirly,

    Originally Posted by Twirly
    I guess what I meant was, will these other virus/malware scanners that are suggested show anything different than what my Avast and Malwarebytes have already shown? Just curious if it is overkill or unnecessary to download those other programs and do scans if my Avast and MBAM have already shown my system to be clean.
    They are tools used by volunteer helpers to take a look at the system.

    Topics in the malware forum show those logs if you want to see what they look like.

    All the best.

  7. #7
    Junior Member
    Join Date
    Dec 2014
    Posts
    16

    Ah, geez, sorry! I see what they are now. I was thinking they were just another brand of virus/malware scanners. I see now that they just show information and are very different from the logs I get in Avast or MBAM.

    Thanks again!

  8. #8
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

  9. #9
    Junior Member
    Join Date
    Dec 2014
    Posts
    16

    Thank you, Tashi!
