
Thread: YA- check my rootalyzer log? Got a weird memory error/glitch, have log results

  1. #1
    Junior Member
    Join Date
    Oct 2017
    Posts
    4


    Hey-

    I did check Uknown ADS - Do I need to worry about JPEGs and PDFs? and Uknown ADS - Do I need to worry about JPEGs and PDFs? but they didn't seem helpful to me (sorry, I'm pretty tech literate, but still 'user' level, not a dev or IT admin or anything.)

    I got a weird error while online; pic here:

    pp pic.jpg

    Have never seen that error before. Newest program(s) are Brother laser printer drivers and software a couple days ago, subscribed to Spybot pro a day or so after that, and then a vpn app a couple weeks ago. PC has been acting a little suspicious since then, tbh. Nothing obvious, subtle 'probably nothing' type things. This error would be the most suspicious. Win 10/64.

    So here's my log:


    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\47CA2FBBC0273BC32819E543302923AF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\J\AppData\Local\VirtualStore\Program Files (x86)\Belarc\BelarcAdvisor:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Office\Data:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Avira\Launcher\apps\icons:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\GnuPG:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Gpg4win:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Malwarebytes' Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MultiExtractor:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\RichCopy 4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Whonix for Windows:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windscribe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WinSCP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office16:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\GRETECH\GomPlayer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Dropbox\Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Brother\Brmfl14c:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Belarc\BelarcAdvisor:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Avira\Antivirus:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Avira\Launcher:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Avira\VPN:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\RT-N66R Wireless Router Utilities:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\adbLink\adbLink:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\DellTPad:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Eraser:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\OpenVPN:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Sync Framework\2.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Macrium\Reflect:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"


    Any thoughts?

    Thanks!
    Last edited by jasong222; 2017-10-27 at 06:54. Reason: added 'spybot subscription'
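
An added example (not part of the original thread, and not Spybot code): a short Python triage script for the log format posted above. It groups the `File:` findings by alternate-data-stream name and the `RegyKey:` findings by key, so a long listing collapses to its distinct findings; the sample lines are copied from the post, and the function names are hypothetical.

```python
import csv
from collections import Counter

# Sample input: a few lines copied from the log in the post above.
SAMPLE_LOG = r'''
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\WinSCP:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\Office\Data:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
'''

def parse_line(line):
    """Return (kind, finding, fields) for a result line, or None for headers/comments."""
    kind, sep, rest = line.strip().partition(":")
    if not sep or kind not in ("File", "RegyKey"):
        return None
    fields = next(csv.reader([rest]), [])  # quoted, comma-separated fields
    if not fields:
        return None
    return kind, fields[0], fields[1:]

def split_ads(spec):
    """Split 'path:stream:$TYPE' from the right so the drive-letter colon stays in path."""
    parts = spec.rsplit(":", 2)
    if len(parts) != 3 or not parts[2].startswith("$"):
        return spec, "", ""  # not a named-stream spec; keep it whole
    return tuple(parts)

def summarize(log_text):
    """Count File findings per (finding, stream, type) and RegyKey findings per key."""
    streams, reg = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, finding, fields = parsed
        if kind == "File" and fields:
            _, stream, stype = split_ads(fields[0])
            streams[(finding, stream, stype)] += 1
        elif kind == "RegyKey" and len(fields) >= 3:
            reg[(finding, fields[0] + fields[1], fields[2])] += 1
    return streams, reg

if __name__ == "__main__":
    streams, reg = summarize(SAMPLE_LOG)
    for key, count in list(streams.items()) + list(reg.items()):
        print(count, *key, sep="\t")
```
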

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    29,927


    Hello jasong222,

    I haven't seen that error before, you might want to contact support to ask about it.

    The RootAlyzer is an analyst tool, it is not a scan and fix program like the System or File Scan. Sometimes even legitimate software uses rootkit technologies.

    The log isn't waving a flag, have any of your security programs flagged malware?

    Best regards.
    Microsoft MVP 2006-2016
    Windows Insider MVP 2016, 2017

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    4


    Quote Originally Posted by tashi View Post
    Hello jasong222,

    I haven't seen that error before, you might want to contact support to ask about it.

    The RootAlyzer is an analyst tool, it is not a scan and fix program like the System or File Scan. Sometimes even legitimate software uses rootkit technologies.

    The log isn't waving a flag, have any of your security programs flagged malware?

    Best regards.

    Hey Tashi- Thanks for the reply. I will check out your support link, lol, thanks... But I don't think it's a spybot thing.... just a weird computer thing.

    I understand the RootAlyzer is an analyst tool.... that's why I posted the logs before 'fixing' any of the errors.

    Glad to see the log doesn't raise any flags... that's mainly why I'm here. No- none of my other programs showed anything unusual.

    But I reinstalled the system anyway (hence the delay in my reply). And I have a suspect as to the culprit, but I'll do a backup/save point before I put that specific driver back in again.

    Mainly- among all the spybot scans I've ever run- I'd never come across any of the results that this particular scan showed.

    Anyway, thanks for your help-

    -J

  4. #4
    Junior Member
    Join Date
    Oct 2017
    Posts
    4


    Actually, Tashi,


    That link you gave me is turning up 'HTTP ERROR 500'

    Do you have another?

  5. #5
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    29,927


    Hello jasong222,

    The home site appears to be down at the moment, I am not certain but if so they may already be on it.

    I will let the team know.

    Best regards.
    Last edited by tashi; 2017-10-29 at 08:05. Reason: Clarify

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    29,927


    Hello jasong222,

    The link is working now.
