
Thread: Help with scan log

  1. #1  Junior Member (Join Date: Aug 2016, Posts: 2)

    Help with scan log

    Hi,

    Could someone possibly examine the below scan log for me, and let me know if there's anything suspicious?

    Thanks in advance,

    Tom


    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:1190:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:1369:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:500:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:556:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:657:$DATA"
    File:"Unknown ADS","C:\Windows\System32\MSIHANDLE:1190:$DATA"
    File:"Unknown ADS","C:\Windows\System32\MSIHANDLE:1369:$DATA"
    File:"Unknown ADS","C:\Windows\System32\MSIHANDLE:500:$DATA"
    File:"Unknown ADS","C:\Windows\System32\MSIHANDLE:556:$DATA"
    File:"Unknown ADS","C:\Windows\System32\MSIHANDLE:657:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000041091A0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109340000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109340090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109510090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109511090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109610090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109711090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109810090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109910090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109A10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00004159180090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1A578401380D43A4CBF4F336B5F7E87F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1C006203FDB61DF43160419892CC3158:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6D2F3B68B2CA6100A81E2F7FF787B1C0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\E1DF5BC324EC27A4CA2DA7C80D2248E5:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\Bianca\AppData\Local\Citrix\Receiver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE\UICaptions:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Intel\Wireless\Settings:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Dell\PowerManager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EndNote X6:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Zotero Standalone:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Skype\Toolbars:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft\BingDesktop:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MetaGeek\inSSIDer Home:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\AMT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Bluetooth:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Drive:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Citrix:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\AuthManager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\ICA Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\Receiver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\SelfServicePlugin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Citrix\ICA Client\Receiver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 10.0\Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office14\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\WiFi:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\WiFiDrivers\Drivers:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\IBM\SPSS\Statistics\22:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Dell\PowerManager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office32.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office32.WW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\IBM\SPSS\COM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\7-Zip\Lang:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
    Last edited by tashi; 2016-08-06 at 18:37. Reason: Removed code wrap :-)
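A small triage parser for the RootAlyzer line format shown above, added here as an example and not part of this thread or of Spybot's own tooling: it splits each "Unknown ADS" entry into file path and stream name, collapses the per-instance MSIHANDLE:<number> streams into one family, counts the families, lists only the entries outside an allowlist, and collects the "No admin in ACL" keys. The allowlist (Win32App_1 and MSIHANDLE:<n> as Windows Installer leftovers, Zone.Identifier as the mark-of-the-web stream) is an assumption to verify against vendor documentation, and the two C:\Users\Public lines in the sample are constructed rather than taken from the log.

```python
import re
from collections import Counter
# Lines copied from the RootAlyzer log in the post above, plus two constructed
# C:\Users\Public lines (not in the log) to give the triage something to flag.
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\SysWOW64\MSIHANDLE:1190:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Public\setup.exe:Zone.Identifier:$DATA"
File:"Unknown ADS","C:\Users\Public\notes.txt:extra:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
'''

FILE_RE = re.compile(r'^File:"([^"]*)","(.*)"$')
REG_RE = re.compile(r'^RegyKey:"([^"]*)","([^"]*)","([^"]*)","([^"]*)"$')
# Assumed allowlist (check against vendor documentation before relying on it):
# Win32App_1 and MSIHANDLE:<n> as Windows Installer leftovers, Zone.Identifier
# as the mark-of-the-web stream browsers add to downloaded files.
KNOWN_STREAM_FAMILIES = {"Win32App_1", "MSIHANDLE:<n>", "Zone.Identifier"}

def stream_family(path, stream):
    # Collapse per-instance names (MSIHANDLE:1190, :1369, ...) into one family key.
    if stream.isdigit():
        return path.rsplit("\\", 1)[-1] + ":<n>"
    return stream

def triage(log_text):
    counts, review, acl_keys = Counter(), [], []
    for line in map(str.strip, log_text.splitlines()):
        m = FILE_RE.match(line)
        if m and m.group(1) == "Unknown ADS":
            # ADS syntax is <file>:<stream>:$DATA; the drive colon lives inside
            # <file>, so split from the right to keep the path intact.
            path, stream, _ = m.group(2).rsplit(":", 2)
            family = stream_family(path, stream)
            counts[family] += 1
            if family not in KNOWN_STREAM_FAMILIES:
                review.append({"path": path, "stream": stream})
            continue
        m = REG_RE.match(line)
        if m and m.group(1) == "No admin in ACL":
            acl_keys.append(m.group(2) + m.group(3) + "\\" + m.group(4))
    return {"stream_counts": counts, "review": review, "acl_keys": acl_keys}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["stream_counts"].most_common())
    print("needs review:", result["review"], "\nkeys without admin in ACL:", result["acl_keys"])
```

Run against the full log above, every ADS entry falls into the Win32App_1 or MSIHANDLE:<n> family, so the "needs review" list is what a reviewer would actually read.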

  2. #2  tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 30,988)

    Hello seaephpea,

    In general all items found by the RootAlyzer are not necessarily malicious. Sometimes even legitimate software uses rootkit technologies.

    The log isn't waving a flag, so how is the computer running? Was there a particular reason for running a scan?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3  Junior Member (Join Date: Aug 2016, Posts: 2)

    Quote (originally posted by tashi):
        Hello seaephpea,
        The log isn't waving a flag, so how is the computer running? Was there a particular reason for running a scan?
    It's a family member's machine, which I saw had multiple pieces of software installed from untrustworthy sources. So, it's not guaranteed that it's compromised, though it was certainly possible. I'll assume the best if there are no obvious red flags.

    Thanks for taking a look.

  4. #4  tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 30,988)

    Hi seaephpea,

    For peace of mind, if you would like someone to take a look at the system in the Malware Removal Forum, you could start a new topic there once you have access to the computer.

    That forum's FAQ includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then a volunteer analyst will advise.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
