Results 1 to 10 of 10

Thread: Does the rootkit scan in spy bot free provide logs?

  1. #1
    Junior Member
    Join Date
    Dec 2021
    Posts
    15

    Default Does the rootkit scan in spy bot free provide logs?

    It appears that I just get scan results and have to check each result individually for malware.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Joshuacm,

    Quote Originally Posted by Joshuacm View Post
    It appears that I just get scan results and have to check each result individually for malware.
    The RootAlyzer log is usually stored here: C:\ProgramData\Spybot - Search & Destroy\Logs

    However RootAlyzer is not for detecting general malware, it is an analyst tool and not a scan and fix program. Please do not remove anything.

    If you'd like to copy paste the scan results into this topic I can take a look.

    Best regards,

    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Topic opened by request.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Dec 2021
    Posts
    15

    Default These are the logs by the rootkit analyzer

    i will just copy and paste. I do not know whether to attach them or not.

    RootAlyzer Quick Scan Results

    Files in Windows folder
    ----------------------------------------
    134 files tested.
    No hidden files detected.
    ========================================

    Files in System folder
    ----------------------------------------
    3078 files tested.
    No hidden files detected.
    ========================================

    Global run entries
    ----------------------------------------
    9 values tested.
    No hidden entries detected.
    ========================================

    Winlogon entries
    ----------------------------------------
    1 keys tested.
    No hidden entries detected.
    ========================================

    Invisible processes (from handles)
    ----------------------------------------
    No handle process IDs tested.
    No hidden processes detected.
    ========================================

    Invisible processes (from threads)
    ----------------------------------------
    259 thread process IDs for 260 processes tested.
    No hidden processes detected.
    ========================================

    // info: Rootkit removal help file
    // copyright: (c) 2008-2021 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\HP:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows\Temp\ZLT01364.TMP"
    File:"Unknown ADS","C:\Windows\SysWOW64\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021092B0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109611090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\10F61E61D2E284244AF26762C141B7C6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1F910F6E6BFD35848AD7E6132674559A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\20B91A1DE71869244AB57058F37DD475:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\23F7F5894EB5ADC459287FEA4AD09147:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\25BBB29DFF28DE24A8C3E460F249A47B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\27B4B248F8E926943B1CC124A2C54443:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\47C327C0FD2653B449092A7045D668D6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5286461E193D0A2439AA72AF18D00A39:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\65AFE4501CA24F848A38A08B89479B27:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7D2F8E1D497754242B6878DE681C98C3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\8F7463F0D15ECCF48826A9D8C0A5FC52:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\91785D291CBB3CC40AB8659C8E48CCC2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\A76E0F7639E8C2C42BD9744C282637A8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\BAC23578239748F49873283373268270:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C3C80EC84FF89D5429E5F4C32E7DAFD7:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E4C8035058276604AB3EB605ADE67D55:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F3B2FE8F543C02F4F84E97A10233C35D:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\TEMP\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\musta\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\JoshuaCM\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\bitdefender_online.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\CCSetup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\DriverUpdate.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\HPSupportSolutionsFramework-12.19.53.13 (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\HPSupportSolutionsFramework-12.19.53.13.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\KART_5.1.0.241021-Home.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\KVRT.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\MBSetup-122165.122165-consumer.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64 (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64 (2).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\NPE.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\recoverit_setup_full4174.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\RogueKiller_setup (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\RogueKiller_setup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp111733.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp118349.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp123485.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp135762.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\Teams_windows_x64.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\Unconfirmed 115190.crdownload:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\VirtualShieldSetup (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\VirtualShieldSetup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\zafwSetupWeb_158_169_18768.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Adobe\Acrobat 8.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\Temp\{65B7288F-1508-4D3B-87CE-D08D66E22877}\CCSetup.exe:SmartScreen:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\Office\DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Office\DATA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\Registry\821fe777-bf67-463b-99f0-b2e0e4d9813b:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Intel\iCLS Client\conf:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\CyberLink\CLDShowX.ini:Update.CL:$DATA"
    File:"Unknown ADS","C:\ProgramData\CheckPoint\ZoneAlarm\Data:Win32App_1:$DATA"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\tvDebug.log"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\ZALog.txt"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\BACKUP.NDB"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\IAMDB.NDB"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\LAPTOP-2016B3GJ.ldb"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB25D.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB32E2.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB3360.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB3A45.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB3F57.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB4706.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB4939.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB4C37.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB4DED.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB510B.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB5232.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB56F4.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB5AAE.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB5BCD.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB5C44.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB5E8D.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB6213.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB630B.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB6ABF.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB78.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB812D.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB81AE.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB844E.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB893F.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB897E.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB8A3A.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB9371.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB93CF.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB95A4.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB96FB.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB9815.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB9F2E.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBA096.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBC19A.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBC276.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBC323.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBDCD3.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBDD97.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBDE44.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBE097.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBE0EB.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBE346.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBE53B.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBEF32.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBF117.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBF220.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBF369.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBF3D7.tmp"
    File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBFF89.tmp"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Adobe\Adobe PDF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe Media Player:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Garmin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\PDFtoMusic:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Wondershare\PDFelement 6 Professional:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\App:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Barbarians:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Command and Conquer Tiberium Alliances:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Dino Storm:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Fringo:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Vegas World:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Web Link - Villagers & Heroes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\12 Labours of Hercules III Girl Power:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Awakening The Dreamless Castle:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Azkend 2 The World Beneath:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Barn Yarn Collectors Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Delicious Emilys Wonder Wedding Premium Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Entwined The Perfect Murder:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Green City Go South:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Home Makeover:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Hoyle Illusions Mahjongg:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\IGT Slots Fire Rubies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Imperial Island Birth of an Empire:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Jewel Match Snowscapes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Little Boy Walters Scooter:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Lost Souls Timeless Fables Collectors Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Magic Heroes Save Our Park:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Manor Memoirs Collectors Edition:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Plagiarii:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Polar Bowler 1st Frame:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\PuppetShow Return to Joyville:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Pyro Jump:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Regency Solitaire:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Runefall:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Rush Hour! Gas Station:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Sky High Farm:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Tasty Blue:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\The Far Kingdoms:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Tencent\QQIntl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Seagate\SeagateManager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek Card Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Works\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Visual Studio\COMMON\IDE\IDE98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\1036:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office12\3082:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\api\x64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Dynamic Platform and Thermal Framework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HP\HP CoolSense:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HP\HP System Event\Strings:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Registration Service:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Framework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Garmin\USB_Drivers\ANTUSBStick2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Dropbox\DropboxOEM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Cyberlink\PowerDVD14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\PostureAgent\plugins\install:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office64.WW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Bridge CS4 Extensions:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Color:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\TypeSupport:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Updater6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\XMP\Custom File Info Panels\2.0\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\TypeSupport\CMaps\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Scripting Dictionaries CS4\CommonFiles:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\PDFL\9.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Linguistics\4.0\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Linguistics\4.0\Providers\Plugins2\WRLiloPlugin1.1\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Extension Manager CS4\DisplayName:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\DefaultLanguage\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\extensions\Connect:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\extensions\kuler\META-INF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\AMT\FontSTI:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\Adobe Anchor Service CS4.m.070\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat 8.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Bridge CS4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Device Central CS4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Extension Manager CS4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Illustrator CS4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit CS4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\FileZilla FTP Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\rempl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office12\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel Corporation\Intel WiDi:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Chipset Device Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Telemetry 2.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\WiFi:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\HP\Energy Star:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\HP\HP ePrint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\HP\HP Touchpoint Analytics Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CyberLink\PowerDirector12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AMT:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","ProvidersMigration"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","Av"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","Fw"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","SecurityApp"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider\SecurityApp","WebProtection"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","ProvidersMigration"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","Av"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","Fw"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","SecurityApp"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp","WebProtection"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    one may be repeated, since i scanned twice:
    // info: Rootkit removal help file
    // copyright: (c) 2008-2021 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\HP:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows\Temp\ZLT01364.TMP"
    File:"Unknown ADS","C:\Windows\SysWOW64\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021092B0090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109611090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109A20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F10090400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\10F61E61D2E284244AF26762C141B7C6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1F910F6E6BFD35848AD7E6132674559A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\20B91A1DE71869244AB57058F37DD475:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\23F7F5894EB5ADC459287FEA4AD09147:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\25BBB29DFF28DE24A8C3E460F249A47B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\27B4B248F8E926943B1CC124A2C54443:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\47C327C0FD2653B449092A7045D668D6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5286461E193D0A2439AA72AF18D00A39:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\65AFE4501CA24F848A38A08B89479B27:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\7D2F8E1D497754242B6878DE681C98C3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\8F7463F0D15ECCF48826A9D8C0A5FC52:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\91785D291CBB3CC40AB8659C8E48CCC2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\A76E0F7639E8C2C42BD9744C282637A8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\BAC23578239748F49873283373268270:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\C3C80EC84FF89D5429E5F4C32E7DAFD7:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E4C8035058276604AB3EB605ADE67D55:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\F3B2FE8F543C02F4F84E97A10233C35D:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\TEMP\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\musta\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\JoshuaCM\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\bitdefender_online.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\CCSetup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\DriverUpdate.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\HPSupportSolutionsFramework-12.19.53.13 (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\HPSupportSolutionsFramework-12.19.53.13.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\KART_5.1.0.241021-Home.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\KVRT.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\MBSetup-122165.122165-consumer.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64 (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64 (2).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\mssstool64.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\NPE.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\recoverit_setup_full4174.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\RogueKiller_setup (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\RogueKiller_setup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp111733.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp118349.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp123485.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\sp135762.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\Teams_windows_x64.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\Unconfirmed 115190.crdownload:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\VirtualShieldSetup (1).exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\VirtualShieldSetup.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\Downloads\zafwSetupWeb_158_169_18768.exe:SmartScreen:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\VirtualStore\Program Files (x86)\Adobe\Acrobat 8.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Joshua\AppData\Local\Temp\{65B7288F-1508-4D3B-87CE-D08D66E22877}\CCSetup.exe:SmartScreen:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\AppID","{1111A26D-EF95-4A45-9F55-21E52ADF9887}"


    I did read that no admin may not be an issue.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Quote Originally Posted by Joshuacm View Post

    I did read that no admin may not be an issue.
    Correct.

    The log isn't waving a flag, if you believe your computer is infected please follow the instructions previously posted in the Spybot forum.

    Start a new topic in the Malware Removal Forum and a volunteer analyst will advise.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.
    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member
    Join Date
    Dec 2021
    Posts
    15

    Default

    i have already ran the farbar or whatever program, and I am running the other one. i will post them to the other section when finished.

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Quote Originally Posted by Joshuacm View Post
    i have already ran the farbar or whatever program, and I am running the other one. i will post them to the other section when finished.
    Thank you.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member
    Join Date
    Dec 2021
    Posts
    15

    Default

    it was actually downloading definitions. i am not sure if i am supposed to run the quick scan, or scan the full hard drive. When i tried to scan the C:/ drive, the system crashed. I suppose there must have been some sort of conflict or error. I did not catch what it said. Do you know which scan I am supposed to run for the avast software (aswmbr). I do not get that prompt that it mentions. It just went to blue screen quickly after starting to scan the C: drive.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Joshuacm,

    Could you start a topic in the malware forum and ask your questions there please.

    Best regards,

    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •