Results 1 to 3 of 3

Thread: Request for RootKit Scan help

  1. #1
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    Default Request for RootKit Scan help

    Hello,

    My older desktop (Intel Core2 6420 2.13GHz w/ 4GB RAM running Win10Pro32-bit) has had some unusual behavior for quite some time. Despite frequent scans w/ Defender, MBPro, and Spybot, things run slowly with only one application open. Additionally, USB Hosts have become corrupted and needed uninstalling/reinstalling.

    My Rootkit Scan is below. Thanks for any and all help provided!

    RootAlyzer Quick Scan Results

    Files in Windows folder
    ----------------------------------------
    137 files tested.
    No hidden files detected.
    ========================================

    Files in System folder
    ----------------------------------------
    4186 files tested.
    No hidden files detected.
    ========================================

    Global run entries
    ----------------------------------------
    10 values tested.
    No hidden entries detected.
    ========================================

    Winlogon entries
    ----------------------------------------
    1 keys tested.
    No hidden entries detected.
    ========================================

    Invisible processes (from handles)
    ----------------------------------------
    No handle process IDs tested.
    No hidden processes detected.
    ========================================

    Invisible processes (from threads)
    ----------------------------------------
    112 thread process IDs for 113 processes tested.
    No hidden processes detected.
    ========================================

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\adbFire:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows.old\Windows\System32\LogFiles\WMI\RtBackup"
    File:"Unknown ADS","C:\Windows.old\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
    File:"Unknown ADS","C:\Windows.old\PerfLogs\System\Diagnostics\DELL-XPS410_20110411-000001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000041091A0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109440090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109510090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109610090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109711090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109910090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109A10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109AB0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\099A4A9134357FF43B5BF640C690E1FD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2878E7224F2B79E40BEE94EDC91C0C0C:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\57DB95FFA664A5D4DA32AA8DC7F54DC4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5C13C3F8A3C98AA4E8AF1792A0A75D33:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\715B7D1641954D14DB72291736362172:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7C43C21609E58D74B9C5F017D78D7262:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\87C0696A60D07A046AAB7323F07FA7D4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\8C1BB2A7D3095854F9B3ACDD760DD773:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\933448FAA8F23954183BF9C44530C8E4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\A6C64DD86500CEF47BA082BB611A1FF1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C4E2349998117884D957AD7A6910F5DF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C7C0050360226CD37929699EA54066D9:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D30CF9A3586C138449FCE4FD3D474979:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DC6261EB0834FB04485A8D1F4B12C73B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E93F8F62822CC3E4395A60F1CCFB9C41:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F942F94A19C0F79468FD2B85E5E8677B:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat Mobile Scanner"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_B2_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_B_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_G2_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_G_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_L2_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_R2_Channel.bin"
    File:"No admin in ACL","C:\Users\Public\Documents\Neat ADF Scanner\CNLF13BW31RX300_R_Channel.bin"
    File:"Unknown ADS","C:\Users\Joel\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
    File:"Unknown ADS","C:\Users\Joel\Documents\My Kindle Content\Aesops-Fables.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Joel\Documents\My Kindle Content\Pride-and-Prejudice.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Joel\Documents\My Kindle Content\Treasure-Island.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Joel\AppData\Local\ATT Connect:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Office\UICaptions:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\IdentityCRL\production:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Adobe\Adobe PDF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Audacity:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Defraggler:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Digital Rewards Downloader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ffdshow:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hp:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Lame For Audacity:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Visual Studio 8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\MPC-HC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\MR APP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\MSBuild:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\PlayReady:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Putty:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\QuickTime:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TeamViewer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TomTom HOME 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinSCP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Z-Firm LLC\ShipRush v10:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Contacts:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Mail:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Mesh:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Writer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Shared\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\RemoteActiveX\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Mesh\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Windows Live\Installer\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\VS Revo Group\Revo Uninstaller:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TomTom International B.V\TomTom HOME Visual Studio Merge Modules:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\StarNet\X-Win32 2010:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Serif\PagePlus Essentials\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Phyxion.net\Driver Sweeper:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NetService:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{8F227FAF-7AFD-403D-B200-6998FFD48494}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{3BE7279C-15AD-4C0A-9F4E-6ECAFCB110BC}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{13591DF6-2B89-44CA-8848-F8D37B5FB706}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{F173CDA1-0BEB-4D28-A216-0E5657C20BC1}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{DAE587CD-3746-4D30-89DD-2C7658ABB861}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{5CEE590F-09F9-4A3B-A85C-7C4737C0D293}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NewTech Infosystems\NTI DriveBackup! 4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NewTech Infosystems\NTI Shadow 3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NETGEAR\ReadySHARE Vault:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Neat\exec:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\2569-7609ZK018YVDYE888J-OEM.OCL"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AppDomainLoader.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AppHelper.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AppProductConfig.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AppUtils.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AppUtilsRes.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\asciieng.lng"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\AssistantApp.exe"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\atm2lll.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\BALTIC.shp"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Bnt.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Bold300.knb"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\CAPI_PInvoke.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\CharSetTable.chr"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ClipLink.olk"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ConvSettings.sts"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\CRX.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Defaults.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\DISTR_TST.exe"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\DocXConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\DocXManagedWrapper.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\english.lng"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\eng_financial.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\eng_legal.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\eng_medical.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ErrMsg_eng.txt"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ExcelCnv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ExcelXCnv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ExcelXManagedWrapper.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Firewrx.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\FireWrx2.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\FireWrx3.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\FireWrx4.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Formatter.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\french.lng"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\fre_legal.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\fre_med.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\FtpLink.olk"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\HTMLCnv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ICDLLW32.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\IF_PNG.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\IF_WMP.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\IPP_OmniPage.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\kdu_V43R.DLL"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\KernelAPI.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LATIN1.shp"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LATIN2.shp"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LecsoMgr.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LecsoX.OXML.Converters.PresentationML.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LecsoX.OXML.Converters.SpreadSheetML.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LecsoX.OXML.Converters.WordProcessingML.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LEditor.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\LogMan.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\lpdata.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\MailLink.olk"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_ConverterMgr.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_D2D.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_DocMgr.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_LinkMgr.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_WFAssist.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_WFMgr.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ME_WFView.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\MiddleEarth.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Mor.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Mor2.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Mor3.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Mor4.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\MorIF.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\MrcR3_1s.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\OdmaLink.olk"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\P4Dll.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\P4dll.vm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pccext.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pccext2.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pccext3.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pccext4.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\PDFCnv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pdflin.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\pdread.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\PPTXConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\PPTXManagedWrapper.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\PreRendering.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\psmaxapi.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\RecAPIPlus.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\RecDiag.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Recogn.bct"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\recogn.set"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Recogn24.bct"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Rendering.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Rendering2.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\rndsdawg.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\rndsinso.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\RtfConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\R_ENG.DAT"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\R_FRE.DAT"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\sami.set"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\SharePoint2K3.olk"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\SkinnedClasses.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\SPDFLib.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ssdoc-schema2.xml"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\ssdoc-schema3.xsd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\TxtConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\vtdata.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\WM_OPActions.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\WM_OPSteps.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\WM_OPUIActions.dlm"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTB.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTC.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTD.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTE.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTP.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTS.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRTZ.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZB.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZC.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZD.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xibrzd.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZE.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZP.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZS.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIBRZZ.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengb.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengc.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengd.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xiengd.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xienge.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengf.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xiengl.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengp.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengs.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\Xiengz.bin"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNB.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNC.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRND.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xifrnd.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNE.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNP.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNS.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XIFRNZ.BIN"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xiintd.dmd"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XMLConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xocr.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xocr2.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xocr3.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xocr32b.exe"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\xocr4.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XPSConv.dlc"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XPSFactoryMananagedClasses.dll"
    File:"No admin in ACL","C:\Program Files\Neat\exec\qsp\ocr\XPSFactoryWrapper.dll"
    File:"Unknown ADS","C:\Program Files\Mozilla Firefox\defaults\pref:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft.NET\RedistList:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Sync Framework\v1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server Compact Edition\v3.1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server Compact Edition\v3.5:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft ASP.NET\ASP.NET MVC 4\Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft\BingDesktop:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\MATLAB\R2011a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Java\jre1.8.0_101:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iPod\bin\iPodService.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hp\HP Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard\HP Health Check:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard\HP Media Vault Pro:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\GreenTree Applications\YTD Video Downloader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Google\Google Earth Pro:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Ford Motor Company\SYNC My iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\D-Link\DWA-566:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\The Neat Company\Send To Neat\Setup:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\calibration sheet"
    File:"Unknown ADS","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\calibration sheet:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\neatconnectscanner.cat"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScanner.inf"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScanner32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScanner32.ds"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScannerHelp.chm"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScannerWIA32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\NeatConnectScannerWIAUI32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\NeatConnect Scanner\calibration sheet\CalibrationSheet.jpg"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\calibration sheet"
    File:"Unknown ADS","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\calibration sheet:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScanner.inf"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScanner32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScanner32.ds"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScannerHelp.chm"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScannerWIA32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\NeatMobileScannerWIAUI32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat Mobile Scanner\calibration sheet\CalibrationSheet.jpg"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\calibration sheet"
    File:"Unknown ADS","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\calibration sheet:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\neatadfscanner.cat"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScanner.inf"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScanner32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScanner32.ds"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScannerHelp.chm"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScannerWIA32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\NeatADFScannerWIAUI32.dll"
    File:"No admin in ACL","C:\Program Files\Common Files\The Neat Company\Drivers\Neat ADF Scanner\calibration sheet\CalibrationSheet.jpg"
    File:"Unknown ADS","C:\Program Files\Common Files\System\Ole DB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Java\Java Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Intuit\QuickBooks:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Internet Services:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Citrix\ICA Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Citrix\ICA Client\Drivers:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Brother\BRHL2070:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adobe\Acrobat 8.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator","InstallAtShutdown"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI","LogonSoundPlayed"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Vol"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Cht","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMESC","DUState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMEJP\DictionaryUpdate","DUState"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello Bdole,

    The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.

    The results show 'No hidden files detected'

    I could link you to a Tech site for someone to troubleshoot but if you would like a volunteer analyst to take a look at the system in our Malware Removal Forum you could start a new topic there first.

    To do so you'd see that forum's FAQ which includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Please let me know which course you'd prefer to take.

    I'm curious, how many Startup Programs do you have? http://www.howtogeek.com/74523/how-t...ms-in-windows/

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Aug 2016
    Location
    Winston-Salem
    Posts
    8

    Default

    tashi,

    Thanks for your reply. I had 17 items Enabled in the Startup Programs list. I disabled all but the printer startup process and the Bing Desktop application.
    I will now start a new thread in the Malware Removal Forum using logs as you've described.

    Thanks for your help!
    Bdole

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •