Thread: rootkit scan

  1. #1
    Junior Member
    Join Date
    Jan 2016
    Posts
    1

    rootkit scan

    Hi

    I've attached a rootkit scan done on my PC yesterday.

    Is there anything here that I should be concerned about?

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","F:\DriverNavigator:Win32App_1:$DATA"
    File:"Unknown ADS","F:\ipod-converter:Win32App_1:$DATA"
    File:"Unknown ADS","F:\Omron Healthcare\Omron Health Management Software:Win32App_1:$DATA"
    File:"Unknown ADS","F:\logitech\Ereg:Win32App_1:$DATA"
    File:"Unknown ADS","F:\logitech\LWS\LU:Win32App_1:$DATA"
    File:"Unknown ADS","F:\logitech\LWS\Video Mask Maker:Win32App_1:$DATA"
    File:"Unknown ADS","F:\logitech\LWS\Webcam Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021094B0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109611090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A30000000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1038C85769625584FA5435B4210089A0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\14D02E18772C625439D42F83A09FB187:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1A4DE204B5F8A783688899A7FB858B2F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3FF10DD6EC36B63469BD1663E3AAE48B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5C13C3F8A3C98AA4E8AF1792A0A75D33:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\600F16D5C861B8B47BDF1F311CA00E4E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\65252EF71C7BD0847B63016AA738A3AE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6E58EC68CABDDFF39B774E7BF9389C90:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\89201680EA92B5443BD7FEEB50089276:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\9D34FBAD4011467429B7B5DE21473A0B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\A76A12931BA584E449447C8141FC0372:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B846977CE014ABB47BB58551CBFE7ED1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EB940C659E972054EB7A79453A6EF0B9:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
    File:"Unknown ADS","C:\Users\User\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
    File:"No admin in ACL","C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper"
    File:"No admin in ACL","C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer"
    File:"Unknown ADS","C:\ProgramData\Nero:Win32App_1:$DATA"
    File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Windows Live\SOXE:Win32App_1:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE\DATA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\IdentityCRL\production:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\MFAData\pack:Win32App:$DATA"
    File:"Unknown ADS","C:\ProgramData\Logitech\LWS\Filters:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\EPSON\MyEpson Portal:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\CyberLink\CLDShowX.ini:Update.CL:$DATA"
    File:"Unknown ADS","C:\ProgramData\CyberLink\PowerDVD\CLDShowX.ini:Update.CL:$DATA"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\ABBYY\FineReaderSprint\9.00\Licenses:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\bttb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ePEN Scoring System:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit Apps Toolbar:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio 8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MSBuild:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Safari:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Secure Speed Dial:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TomTom HOME 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Phone:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Contacts:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TomTom International B.V\TomTom HOME Visual Studio Merge Modules:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Sony\Sony Image Data Suite:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Sony\Sony Picture Utility:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Skype\Toolbars:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Silabs\MCU\DriverUninstall:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Samsung\Kies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\PC Camera\PC VGA Camera:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NetService:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Nero\Nero8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\RedistList:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Works\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio\COMMON\IDE\IDE98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1036:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\3082:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033\GrooveForms5\FormsStyles:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET MVC 4\Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\McAfee\SiteAdvisor:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Java\jre1.8.0_66:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Java\jre6\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\iTunes\Mozilla Plugins:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\Advanced SystemCare:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\Classic Start:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\Driver Booster:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\iFreeUp:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\IObit Malware Fighter:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\IObit Uninstaller:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\Smart Defrag 4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\IObit\Surfing Protection:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Google Earth:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Google Earth\plugin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Focus-ES\Waves:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\Download Navigator:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\E-Web Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\Easy Photo Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\ECPrinterSetup:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Epson Software\Epson Manual\Launcher:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\epson\MyEpson Portal\Configration_00000171:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\epson\Creativity Suite\Common\AppInfo1\Event Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 1.1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\DVD Suite:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\LabelPrint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerBackup:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Cucusoft\Ultimate-Converter:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\LightScribe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\logishrd:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Nero:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Groove.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.WW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Project.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Metadata:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Java\Java Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Internet Services:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\GoToAssist\896:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ArcSoft\VideoImpression 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat_com:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 11.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 11.0\Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\McAfee:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows XP Mode\Tutorial\Scripts:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Uninstall:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{ACD13677-C8D1-4B5A-86BA-C363D6A647B0}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{66839F53-9279-4E8A-9E4B-F90FF99B1029}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Optimus.{2138CC0B-3642-4D7F-B6C7-C3440A5EEC18}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{CE213E88-4EFE-4B6D-B43D-6C6347993C51}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{16377FED-1FD1-4A33-8B18-2AB0AC07C136}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{471C8D3A-5D2E-4B9E-AF2E-EEB1106BC627}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{46723004-3CCC-4503-AB39-037E7C563600}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.41105.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iPod\bin\iPodService.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\logishrd:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Internet Services:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
    Last edited by tashi; 2016-01-07 at 21:39. Reason: Moved from the malware forum. Copy pasted log into topic

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,487

    Hello JPEB1,

    The RootAlyzer is an analyst tool and the attachment you provided is inconclusive; sometimes even legitimate software may use rootkit technologies.

    Do you suspect an infection? Is that why you ran the scan?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
