
Thread: E-Mail demanding BitCoin => Run RootAlyzer => No Admin in ACL

  1. #1
    Junior Member
    Join Date
    Nov 2018
    Posts
    2

    E-Mail demanding BitCoin => Run RootAlyzer => No Admin in ACL

    I received an e-mail this morning demanding that I send BitCoin or the author of the e-mail would send my entire contact list embarrassing materials. I'm not going to pay, but I would like to know if this is a genuine threat or merely bluffing. Therefore, I ran RootAlyzer which indicated several entries with "No Admin in ACL." As I'm not at all sure whether I should be mildly concerned or panicked, could those of you with more tech knowledge take a look and let me know? And if necessary point me in the direction to resolve any issues?

    I'm running Win 10 Pro which is mostly up-to-date, but not including the October updating disasters. (I will update once the bugs are mostly resolved.)

    Thanks.



    Here are my results from RootAlyzer:



  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello Jane0101,

    Originally posted by Jane0101:
        I received an e-mail this morning demanding that I send BitCoin or the author of the e-mail would send my entire contact list embarrassing materials. I'm not going to pay, but I would like to know if this is a genuine threat or merely bluffing.

    In general all items found by the RootAlyzer are not necessarily malicious. Because of the email you received, it would be best if someone can take a look at the system in the Malware Removal Forum.

    Please start a new topic there. The forum's FAQ includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then a volunteer analyst will advise as soon as available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Nov 2018
    Posts
    2

    Thanks!

    I appreciate the fast turnaround. I'll see what I can do on your recommendations.

    Jane
