
Thread: Hello Have issues with root analyzer bug. Help

  1. #1
    Junior Member
    Join Date
    May 2018
    Posts
    1

    Hi! Today I ran a root scan but I am not expert enough to recognize eventual threats. Could someone examine the scan log below? Is there anything I should be worried about? Thanks in advance.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Invisible to Win32","C:\Boott! s"
    File:"Unknown ADS","C:\Windows\SysWOW64\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1A4DE204B5F8A783688899A7FB858B2F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2B7A37F2E05E6A93A9CBFE984E6CE263:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\39103BDF0ADFAAD3CAAC7AE5FE5E6370:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744CAF070E41400:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\84b9c17023c712640acaf308593282f8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\9214B3B9E0227C24C9B5196CE580584B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\AA5C8F95DB19D324FB50908AF09398F8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\BE824E2CE6110C14E9482BD29ECC4AF2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D4ADA0CF5AF82544A8FF0F0AAB9CE77F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\ED428B7D23AD2774E9E5935C5118637A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Immagini:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Music:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Musica:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Preferiti:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Preferiti condivisi:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Pubblica:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Documents\Tecniche:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\AppData\LocalLow\Adblock Plus for IE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\ABBYY\FineReaderSprint\9.00\Licenses:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD APP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Freemake:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel Driver Update Utility:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\K-Lite Codec Pack:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\OpenOffice 4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\SystemRequirementsLab:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Contacts:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Video to Video\Lav:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Options14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Java\jre1.8.0_101:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\Documentation:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\Energy Star:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Recovery Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Registration Service:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Framework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Utility Center:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\E-Web Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\Easy Photo Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\ECPrinterSetup:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\EPSON Printer Finder:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\Common\Easy Photo Print Plugin\PMB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\epson\Creativity Suite\Common\AppInfo1\Event Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\LabelPrint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Media Suite:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PhotoDirector:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Power2Go8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDirector10:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD10:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\YouCam:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PhotoDirector\Kernel\UACObject:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Java\Java Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Welcome:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD AVT\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Content Viewer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adblock Plus for IE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\IDT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iTunes\iTunesMiniPlayer.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iPod\bin\iPodService.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard\HP 3D DriveGuard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\EpsonNet\EpsonNet Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies\ATI.ACE\Fuel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI\CIM:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello Kinglee,

    The log alone is not raising a flag as even legitimate software may use rootkit technologies.

    Did you have any particular reason for running a rootkit scan? How is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
