Thread: Rootkit scan results

  1. #1
    Junior Member
    Join Date
    Jul 2015
    Posts
    4

    Default Rootkit scan results

    Hi,

    Could you please tell me whether any of the following scan results are malicious or dangerous, and which, if any, I should delete.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Users\JH\OneDrive:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\JH\OneDrive\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\JH\OneDrive\Pictures:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\JH\OneDrive\Public:ms-properties:$DATA"
    File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
    File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"

    Thank you

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello jimmy2times,

    Those entries are not bad, how is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
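
The report lines in the first post follow a regular `Kind:"reason","target",...` layout, so they can be grouped before anyone reviews them by hand. The following parser is an added example, not part of the thread and not Spybot code; the field meanings are assumed from the lines shown, and `REPORT` is a selection of those lines.

```python
import csv
import re
from collections import Counter

# Selection of report lines copied from the first post in this thread.
REPORT = r'''
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\Users\JH\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
'''

# <path>:<stream name>:<$TYPE>; the drive-letter colon stays inside <path>.
ADS_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<stream>[^:]+):(?P<type>\$[A-Z_]+)$')

def parse_line(line):
    """Return a dict for one finding, or None for headers and other text."""
    line = line.strip()
    if not line or line.startswith(("//", "::")):
        return None
    kind, sep, rest = line.partition(":")
    if not sep or not rest.startswith('"'):
        return None
    fields = next(csv.reader([rest]))  # backslashes are literal, not escapes
    if len(fields) < 2:
        return None
    finding = {"kind": kind, "reason": fields[0], "stream": None}
    if kind == "File":
        m = ADS_RE.match(fields[1])
        finding["target"] = m["path"] if m else fields[1]
        finding["stream"] = m["stream"] if m else None
    else:  # registry lines: hive, key path, value name
        finding["target"] = fields[1] + fields[2]
        finding["value"] = fields[3] if len(fields) > 3 else None
    return finding

def summarize(report):
    """Parse a whole report and count findings by reason and by stream name."""
    findings = [f for f in map(parse_line, report.splitlines()) if f]
    by_reason = Counter(f["reason"] for f in findings)
    streams = Counter(f["stream"] for f in findings if f["stream"])
    return findings, by_reason, streams

if __name__ == "__main__":
    findings, by_reason, streams = summarize(REPORT)
    print(dict(by_reason), dict(streams))
```
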

  3. #3
    Junior Member
    Join Date
    Jul 2015
    Posts
    4

    Default

    Hey Tashi,

    Thank you. The computer used to run faster, add to that the frequent issues with Windows and its Updates... And on my part, I have 3 security software. I realized that it's too much for the computer to handle, so I've disabled some features on 2 of them.

    Thanks

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi jimmy2times,

    Quote Originally Posted by jimmy2times View Post
    And on my part, I have 3 security software. I realized that it's too much for the computer to handle, so I've disabled some features on 2 of them.

    You probably are aware of this but it's an opportunity to provide the information for all users.

    Usually one can have more than one anti-spyware, anti-malware type programs installed without issue, although one may decide to choose one resident real time protection.

    The same does not apply to firewalls and anti-virus programs.

    Rule of thumb is one firewall and one anti virus program resident to avoid conflicts, loss of program efficiency and system lock up due to both software products attempting to access the same files at the same time.


  5. #5
    Junior Member
    Join Date
    Jul 2015
    Posts
    4

    Default

    Hey Tashi,

    I'm having some difficulties starting some programs like Google Chrome. I've tried all the solutions and the only attributable cause remaining is having more than one Antivirus i.e. Norton and Spybot AS+AV. My question is how can I disable AV on Spybot and have it run solely as an AS program. Should I switch off live protection altogether? I already have Chrome disabled from the list of protected browsers in Spybot. Many thanks.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello jimmy2times,

    Quote Originally Posted by jimmy2times View Post
    Hey Tashi,

    I'm having some difficulties starting some programs like Google Chrome. I've tried all the solutions and the only attributable cause remaining is having more than one Antivirus i.e. Norton and Spybot AS+AV.

    Aside from program and system lock ups, your computer is more likely to get infected by running more than one resident Anti Virus program, it makes them less effective. In this case more isn't better.

    Quote Originally Posted by jimmy2times View Post
    My question is how can I disable AV on Spybot and have it run solely as an AS program. Should I switch off live protection altogether? I already have Chrome disabled from the list of protected browsers in Spybot. Many thanks.

    "Live protection monitors all processes created or running on your system and scans them. Malicious processes are blocked even before they start.
    If you have another antivirus engine running you can choose to disable the one integrated into Spybot +AV from Settings."

    https://www.safer-networking.org/live-protection/

    Best regards.

  7. #7
    Junior Member
    Join Date
    Jul 2015
    Posts
    4

    Post

    Hi Tash,

    So, in other words, disabling Live Protection disables AV, thereby avoiding the conflict? Frankly, I'm finding Spybot to be very effective. I've tried the free edition on my old PC, it cleaned that sucker up!

    The computer is slower now after I upgraded to Windows 10, and I get random mouse freezes while browsing on Chrome.

    I have a question which I hope you could shed some light on; I am unable to "display DNS" it only shows a couple of entries for Google client and others with Norton.Symantec. It definitely does not show my DNS cache which should be a 100 pages long. What's up with that? I mean is it possible the Norton Firewall is not allowing the display of the full DNS? I remember there's a file in System32 which includes the entire DNS cache, what was its name again?

    Thank you Tashi, your assistance is appreciated. Have a good one!

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello jimmy2times,

    Quote Originally Posted by jimmy2times View Post
    It definitely does not show my DNS cache which should be a 100 pages long. What's up with that? I mean is it possible the Norton Firewall is not allowing the display of the full DNS? I remember there's a file in System32 which includes the entire DNS cache, what was its name again?

    At the command prompt type ipconfig /displaydns

    I don't use Norton so can't advise there, I flush the DNS cache on a regular basis.

    There's a lot of information out there but perhaps these two links may be helpful.

    https://www.whatsmydns.net/flush-dns.html

    http://www.howtogeek.com/197804/how-...he-on-windows/

    Regards.