Thread: Are these legit, or Rootkits? Win 10

  1. #1
    Junior Member
    Join Date
    Jul 2016
    Posts
    1

    Type: File
    Object: 00005109090090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 000051091A0090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 000051091E0090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 000051092E0090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109440090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS


    Type: File
    Object: 00005109510090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109511090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109610090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109611090400100000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109711090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109810090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109910090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109A10090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109A20000000100000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109A20090400100000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109AB0090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109B10090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS


    Type: File
    Object: 00005109B21090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109C20090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109E60090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109F10090400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109F100A0C00000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005109F100C0400000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 00005119110000000000000000F01FEC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 2B7A37F2E05E6A93A9CBFE984E6CE263:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 39103BDF0ADFAAD3CAAC7AE5FE5E6370:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: 6F9E66FF7E38E3A3FA41D89E8A906A4A:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: B8CF35CA81EEC9F3B9950639D7B081C2:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: BCA1BC2A2A49AB231AE5D70813F95798:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: E290642FB0AF8C74D9E3FCC81220398C:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS

    Type: File
    Object: EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA
    Location: C:\Windows\Installer\$PatchCache$\Managed\
    Details: Unknown ADS


    Type: File
    Object: Shop by Variety.htm:StreamedFileState:$DATA
    Location: C:\Users\SHADOW\AppData\Local\Temp\
    Details: Unknown ADS

    Type: File
    Object: regid.1991-06.com.microsoft:Win32App_1:$DATA
    Location: C:\ProgramData\
    Details: Unknown ADS

    Type: File
    Object: LayOut:Win32App_1:$DATA
    Location: C:\ProgramData\SketchUp\SketchUp 2014\
    Details: Unknown ADS

    Type: File
    Object: OFFICE:Win32App_1:$DATA
    Location: C:\ProgramData\Microsoft\
    Details: Unknown ADS

    Type: File
    Object: UICaptions:Win32App_1:$DATA
    Location: C:\ProgramData\Microsoft\OFFICE\
    Details: Unknown ADS

    Type: File
    Object: ATI Technologies:Win32App_1:$DATA
    Location: C:\Program Files (x86)\
    Details: Unknown ADS

    Type: File
    Object: Bethesda.net Launcher:Win32App_1:$DATA
    Location: C:\Program Files (x86)\
    Details: Unknown ADS

    Type: File
    Object: Malwarebytes Anti-Malware:Win32App_1:$DATA
    Location: C:\Program Files (x86)\
    Details: Unknown ADS

    Type: File
    Object: Microsoft Office:Win32App_1:$DATA
    Location: C:\Program Files (x86)\
    Details: Unknown ADS

    Type: File
    Object: Microsoft.NET:Win32App_1:$DATA
    Location: C:\Program Files (x86)\
    Details: Unknown ADS

    Type: File
    Object: VLC:Win32App_1:$DATA
    Location: C:\Program Files (x86)\VideoLAN\
    Details: Unknown ADS

    Type: File
    Object: Ubisoft Game Launcher:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Ubisoft\
    Details: Unknown ADS

    Type: File
    Object: Start10:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Stardock\
    Details: Unknown ADS

    Type: File
    Object: SketchUp 2014:Win32App_1:$DATA
    Location: C:\Program Files (x86)\SketchUp\
    Details: Unknown ADS

    Type: File
    Object: plugins:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Mozilla Firefox\
    Details: Unknown ADS

    Type: File
    Object: Shared:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft SQL Server\110\
    Details: Unknown ADS

    Type: File
    Object: Office15:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Office\
    Details: Unknown ADS

    Type: File
    Object: 1033:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Office\Office15\
    Details: Unknown ADS

    Type: File
    Object: DCF:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Office\Office15\
    Details: Unknown ADS

    Type: File
    Object: DataServices:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Office\Office15\1033\
    Details: Unknown ADS

    Type: File
    Object: Cartridges:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\
    Details: Unknown ADS

    Type: File
    Object: 1033:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Resources\
    Details: Unknown ADS

    Type: File
    Object: WinX_YouTube_Downloader:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Digiarty\
    Details: Unknown ADS

    Type: File
    Object: DESIGNER:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\
    Details: Unknown ADS

    Type: File
    Object: Microsoft Shared:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\
    Details: Unknown ADS

    Type: File
    Object: Ole DB:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\System\
    Details: Unknown ADS

    Type: File
    Object: 1033:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\System\MSMAPI\
    Details: Unknown ADS

    Type: File
    Object: OFFICE15:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\
    Details: Unknown ADS

    Type: File
    Object: VC:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\
    Details: Unknown ADS

    Type: File
    Object: Access.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: DCF.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: InfoPath.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Lync.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Office.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Office64.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: OneNote.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: OSM.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Outlook.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Proofing.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Publisher.en-us:Win32App_1:$DATA
    Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
    Details: Unknown ADS

    Type: File
    Object: Core-Static:Win32App_1:$DATA
    Location: C:\Program Files (x86)\ATI Technologies\ATI.ACE\
    Details: Unknown ADS

    Type: File
    Object: Welcome:Win32App_1:$DATA
    Location: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\
    Details: Unknown ADS

    Type: File
    Object: ATK Package:Win32App_1:$DATA
    Location: C:\Program Files (x86)\ASUS\
    Details: Unknown ADS

    Type: File
    Object: ATI Technologies:Win32App_1:$DATA
    Location: C:\Program Files\
    Details: Unknown ADS

    Type: File
    Object: HDA:Win32App_1:$DATA
    Location: C:\Program Files\Realtek\Audio\
    Details: Unknown ADS

    Type: File
    Object: 1033:Win32App_1:$DATA
    Location: C:\Program Files\Microsoft Office\Office15\
    Details: Unknown ADS

    Type: File
    Object: OneNote:Win32App_1:$DATA
    Location: C:\Program Files\Microsoft Office\Office15\
    Details: Unknown ADS

    Type: File
    Object: microsoft shared:Win32App_1:$DATA
    Location: C:\Program Files\Common Files\
    Details: Unknown ADS

    Type: File
    Object: VC:Win32App_1:$DATA
    Location: C:\Program Files\Common Files\microsoft shared\
    Details: Unknown ADS

    Type: File
    Object: 10.0:Win32App_1:$DATA
    Location: C:\Program Files\Common Files\microsoft shared\VSTO\
    Details: Unknown ADS

    Type: File
    Object: 1033:Win32App_1:$DATA
    Location: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\
    Details: Unknown ADS

    Type: File
    Object: Fuel:Win32App_1:$DATA
    Location: C:\Program Files\ATI Technologies\ATI.ACE\
    Details: Unknown ADS

    I deleted all of these BELOW IN RED, but will include them.

    Type: Key
    Object: Svc
    Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Security Center\
    Details: No admin in ACL

    Type: Key
    Object: Upgrade
    Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\
    Details: No admin in ACL

    Type: Key
    Object: DuState
    Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Chs\
    Details: No admin in ACL

    Type: Key
    Object: Upgrade
    Location: HKLM\SOFTWARE\Microsoft\Security Center\Svc\
    Details: No admin in ACL

    Type: Key
    Object: DuState
    Location: HKLM\SOFTWARE\Microsoft\InputMethod\Chs\
    Details: No admin in ACL

    As you can see, that's a lot of hits.
    Last edited by tashi; 2016-07-04 at 07:09. Reason: Split off to own topic :-)

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Hello WA_HAWK,

    As far as I can tell those are all normal; the RootAlyzer is an analyst tool, and sometimes even legitimate software uses rootkit technologies.

    How is the computer running? Did you run the scan for a particular reason?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
