Results 1 to 7 of 7

Thread: Can You Help? Which Results Are Actually Rootkits?

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    May 2020
    Posts
    4

    Question Can You Help? Which Results Are Actually Rootkits?

    Can you help? I rootkit scanned my system using Spybot last night & many more potential rootkits were flagged than I expected. Which of the results below are likely rootkits & are safe to be deleted using Spybot? I don't mind also deleting things which are indeterminate, but whose deletion won't harm my system.

    Note the C: drive = my system drive; the D: drive = a DVD drive; & the F: drive = a thumbdrive with Windows installed on it.

    Thanks!

    RESULTS:---
    ========

    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives"
    File:"No admin in ACL","F:\Windows\System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh"
    File:"No admin in ACL","F:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\CloudAPCache\MicrosoftAccount\bce9f11e26d684d661ee8724466e551728149935557951c771dc9e5577b17d45\Cache\CacheData"
    File:"No admin in ACL","F:\Users\Public\AccountPictures\S-1-5-21-2967445993-1701825699-2668369416-1001"
    File:"Unknown ADS","E:\Avernum - Escape From The Pit:Win32App_1:$DATA"
    File:"Unknown ADS","E:\SteamLibrary\steamapps\common\Allegiance:Win32App_1:$DATA"
    File:"Unknown ADS","E:\SteamLibrary\steamapps\common\ChaosReborn:Win32App_1:$DATA"
    File:"Unknown ADS","E:\DOOM MOD GAMES + DOOMLIKES\000 --- FINISHED\Duke Nukem 3D:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000041091A0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109340000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109340090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109510090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109511090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109610090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109711090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109810090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109910090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109A10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0357DD412DCC89733BD78393DEA644C1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\04583E7B553E3053FA7D36B5F2F2671E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\067DF0BC6C6C6FA3DA81EFB3B38727D7:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\153AA053AF120723B8A73845437E66DA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1B5423D68BD832A4C92DC2094FA0AB6F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2B67B778F38FA5F42BD8F3936814DA6B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\304DE9D5ED490AB31B6D174FDB4A216E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\34742F951AE254A38B2CE6E0E170F88A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5CC46B3E110C0C0429CB3761DCE56588:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5ECDC744555FB924FB6A46C2C3D686F4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6013214C586B6E849BDB4E9F1148E14B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6B78408C21A860141A2EAA1ADA832766:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\825B1BF8062EE154B9559E51F2498BB0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\846111FA1A99E35418DD08BDFBD6DAD0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\919E6DD7AE805F24787DF768DC2B7E54:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\95ADE08666294B4449E9C0426FD5FF28:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\99962ACB22CE7003BB9736983170C9A9:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B23F4F687C7715943BC3504DA118091C:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B6907FD0A517332468337C1AE66D6D61:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\B8C170BAC378F954CA9AE9EB303C8EB9:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C2CBC2D34D56364478BABBC258C9F1E3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D30CF9A3586C138449FCE4FD3D474979:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DA8F1F778B150944EACEFB8400370ECF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DA93DA4DE19033D4BBB2956FCF8BDA3C:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EC37347E66C956F4CAB3BB8912422848:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F4D866D42AAF627438C4134F16F413E2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F8385C66458B55A4986E6A3178744AFD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\FAA8C7C1D61A8E23985E6F1D56EDB0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\David Copperfield - Charles Dickens.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg1026-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg10586-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg11138-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg11180-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg119-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg1848-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg21427-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg2183-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg24197-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg24313-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg245-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg2572-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg2607-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg2713-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg2727-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg3154-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg3176-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg3178-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg3187-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg33432-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg35304-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg5803-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg6753-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg6768-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg6836-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg7028-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg7423-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg8190-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\Documents\My Kindle Content\pg86-images.mobi:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\user\AppData\Local\VirtualStore\Windows\System32:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds\Fantasy Grounds.lnk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds\FG Char Converter.lnk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds\FG Uninstall.lnk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds\FG Updater.lnk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Microsoft\Windows\Start Menu\Fantasy Grounds\FG Website.url"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\cache"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\console.log"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\docs"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\install.log"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\portraits"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\update.log"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\utilities"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\utilities\CharacterConverter.exe"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\2E.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\3.5E.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\4E.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\5E.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\CoreRPG.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\Cypher System.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\Fate Core.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\Numenera.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\PFRPG.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\PFRPG2.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\SFRPG.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\rulesets\The Strange.pak"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\portraits\Examples.ppk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\portraits\FantasyPortraits.ppk"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\3.5E-basicrules.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\3.5E-magicitems.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\3.5E-monsters.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\3.5E-spells.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\calendars.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\Combat_Battlemaps.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\DD Basic Rules - DM.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\DD Basic Rules - Player.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\DD5E SRD Bestiary.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\DD5E SRD Data.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\DD5E SRD Magic Items.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\FateCoreSRD.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\fumblecrit.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\ks01_ogl_well_met_in_kithtakharos.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\lettertokens.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\PF-SRD-Basic-Rules.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\PF-SRD-Bestiary.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\PF-SRD-Magic-Items.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\PF-SRD-Spells.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\Waterdeep Family Crests.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\modules\Waterdeep.mod"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\fate-BlankSkills.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\Theme_Dungeon.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\Theme_Simple_Brown.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\Theme_Simple_Gray.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\Theme_Wood.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\extensions\Waterdeep Decal.ext"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\DEMO1"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\DEMO1\usersettings"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\DEMO1\usersettings\hotkeys_host.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\campaign.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\CampaignRegistry.lua"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\db.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\extensionstate.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\modulestate.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\portraits"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\usersettings"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\usersettings\hotkeys_host.xml"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\portraits\id-00001"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\portraits\id-00002"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\portraits\id-00003"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\BattleMap01.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\NoGrid_Underdark_tunnels_F.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_5eEffects_Cast_Dialog.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_5eEffects_Damage_Dialog.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_5eEffects_Effect_Dialog.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_5eEffects_Heal_Dialog.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Calendar.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_DMActions.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_DMEffects.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_DMOffense.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_DMTargets.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_DMViewBasic.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Combat_Tracker_player_view.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Items_General.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_Items_Weapon.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_NPCUnlocked.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_NPC_Sheet.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_NPC_Sheet_Encounter.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_PartySheet_Encounters.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_PartySheet_Inventory_One.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_PartySheet_Main.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Tutorial_PartySheet_Quests.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Underdark_tunnels_E.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\Underdark_tunnels_Large_Pool.jpg"
    File:"No admin in ACL","C:\Users\tdlgT3kynhvvu94L2GS\AppData\Roaming\Fantasy Grounds\campaigns\5E Sample Campaign\images\white-house-satellite-view.jpg"
    File:"Unknown ADS","C:\ProgramData\VS\vs10sp1\SetupCache:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE\UICaptions:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\CheckPoint\ZoneAlarm\Data:Win32App_1:$DATA"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\tvDebug.log"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Altitude:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Efofex:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\GalaxyClient:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hero Lab:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HEX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ImgBurn:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Inkscape:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel Driver and Support Assistant:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\LogMeIn:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio 10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\nbos:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\PC Connectivity Solution:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\QuickTime:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Scrolls:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Star Commander:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Wizards of the Coast\Learn to play Magic:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Steam\SteamApps\common\Enclave:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Serif\WebPlus Starter Edition\4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ProFantasy\CC3View:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\PC Connectivity Solution\Transports:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Origin Games\Plants vs. Zombies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Nokia\Connectivity Cable Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MSBuild\Microsoft\XNA Game Studio\v4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Setup:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\EN:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server\100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\XnaFxRedist40\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\SQL Server Compact Edition\EN:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Rich Tools\RichCopy 4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Redist\DirectX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Logitech\Ereg:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\iTunes\Mozilla Plugins:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\logishrd:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\MSSoap\Binaries\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\DW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\XNA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CheckPoint\ZoneAlarm:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Brother\Brmfl10d:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Blizzard Classics\Blackthorne\BTHORNE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Baker & Taylor\Axis 360:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Analog Devices\SoundMAX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server Compact Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\paint.net:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\rempl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Ansel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Display.NvContainer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvTelemetry:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Visual Studio 10.0\Common7:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server Compact Edition\v3.5:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Help Viewer\v1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Help Viewer\v1.0\CatalogInfo:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Java\jdk1.8.0_05:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iPod\bin\iPodService.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\SUR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office32.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office32.WW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\7-Zip\Lang:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","Av"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","Fw"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","SecurityApp"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider\SecurityApp","WebProtection"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","Av"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","Fw"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","SecurityApp"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp","WebProtection"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,668

    Default

    Hello Krnt2007,

    The RootAlyzer is an analyst tool and not a scan and fix program, sometimes even legitimate software uses rootkit technologies.

    What is the operating system and did you have any particular reason for using a rootkit scan, how is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    May 2020
    Posts
    4

    Default Things To Make You Go "Hmmm..."

    Thanks for your timely reply!

    I'm using Windows 10 Pro.

    I was initially concerned I might have a rootkit because of the sheer number of things flagged by my scan.

    Also, sometimes for a space when I try to do something on my system (like clicking to open the Windows Start menu or to close a window) it doesn't happen or takes ages. Admittedly some of this could be due to the age of my system's hardware & ?maybe? it'd work better with more memory (I currently have 4 gigabytes.)

    The next thing to concern me is recent but unreproducible : (1) a rectangular part of ?the screen or an open window? flashes ?mostly black &/or white, like highlighted text?, ?showing a window that should not be visible as it's beneath another one? & (2) the system beeps as if there's an error or I tried to do something not possible. Trying to flick between windows, e.g. with the Alt + Tab keys, may sometimes trigger this. Note this is not a monitor issue.

    Finally, if the occasional quirks I've listed above continue & they're not due to hardware issues, I am guessing they're possibly a rootkit, as I've been performing a series of full non-rootkit malware scans & clean ups of my normal system (some tests remain for the drives I usually don't have plugged in, like my thumbdrive), using different software (Kaspersky, Malwarebytes, Spybot), but the latest scans have turned up (1) no viruses etc & (2) no spyware with a "Threat" bar rating even half-way, with most flagged items looking pretty innocuous.

    I note Kaspersky did detect quite a substantial number of issues in files on one external drive which has (unusually) been plugged in & used alot to do a biannual backup this week, with multiple types of malware reported in some individual files. (All these files were deleted before the latest full scan of my normal system, which was clean.)

    I suspect at least some files here were falsely flagged (1) because they did contain code to access systems more deeply, but Kaspersky didn't recognise them as legitimate (e.g. ironically this includes an old version of the ZoneAlarm antimalware program's uninstall exe); (2) since this backup drive is hardly ever used & so is unlikely to get infected; (3) because some or all the files flagged may have been on this drive a long time, during which they were likely subjected to scans, which did not find them suspicious; & (4) since the finding of multiple malware issues in single files seems unusual.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,668

    Default

    Hello Krnt2007,

    Apparently your anti-virus program is not flagging an infection on the machine. External hard drives are a separate matter.

    Quote Originally Posted by Krnt2007 View Post

    Also, sometimes for a space when I try to do something on my system (like clicking to open the Windows Start menu or to close a window) it doesn't happen or takes ages. Admittedly some of this could be due to the age of my system's hardware & ?maybe? it'd work better with more memory (I currently have 4 gigabytes.)
    4 gigabytes Ram, how much space is on the hard disk?

    Also, is the operating system 32-bit or 64-bit, and was your Windows 10 an upgrade on a previous operating system or a fresh installation?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    May 2020
    Posts
    4

    Default The Plot Thickens

    I'm running the 64-bit version of Windows 10. It was probably a fresh install, but I got it from an NGO that makes systems partly from second-hand parts for people with disability etc, so I can't be sure. (I believe Microsoft has an arrangement with them where they give them legitimate keys to Windows &/or Office.)

    My system disk has 27.3 out of 99.1 Gigs free; the other drive in my tower 19.3 out of 149. I'm going to free just over another 4 Gigs from the second drive soon, as it's under the 15% people (at least used to) say you should leave free on a drive for your system to work smoothly.

    I run a relatively tight ship system-wise in some ways, including a filter which if anything is overzealous in blocking the occasional website I try to visit, when it looks possibly harmless but I'm not sure (recently I was blocked from visiting every site I tried offering reviewer-recommended remote access / viewing tools to help a relative with pernicious tech issues.) I don't tend to download exe's apart from e.g. community-suggested mods & patches for older games I buy at gog.com; or torrent; or visit dodgy sites deliberately. I also manually scan almost every single file I download. So it will be interesting to try to figure out where I might've picked up malware, if it's found.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,668

    Default

    Hello Krnt2007,

    Quote Originally Posted by Krnt2007 View Post

    My system disk has 27.3 out of 99.1 Gigs free; the other drive in my tower 19.3 out of 149. I'm going to free just over another 4 Gigs from the second drive soon, as it's under the 15% people (at least used to) say you should leave free on a drive for your system to work smoothly.
    As you have experienced a few issues with Windows that may be a good place to start troubleshooting before looking for a possible infection.

    Please register at whatthetech and start a topic in their Windows forum here

    You can provide a link to this thread.

    Best regards,

    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •