Are these legit, or Rootkits? Win 10

WA_HAWK

Type: File
Object: 00005109090090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 000051091A0090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 000051091E0090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 000051092E0090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109440090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS


Type: File
Object: 00005109510090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109511090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109610090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109611090400100000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109711090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109810090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109910090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109A10090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109A20000000100000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109A20090400100000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109AB0090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109B10090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS


Type: File
Object: 00005109B21090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109C20090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109E60090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109F10090400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109F100A0C00000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005109F100C0400000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 00005119110000000000000000F01FEC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 2B7A37F2E05E6A93A9CBFE984E6CE263:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 39103BDF0ADFAAD3CAAC7AE5FE5E6370:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: 6F9E66FF7E38E3A3FA41D89E8A906A4A:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: B8CF35CA81EEC9F3B9950639D7B081C2:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: BCA1BC2A2A49AB231AE5D70813F95798:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: E290642FB0AF8C74D9E3FCC81220398C:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS

Type: File
Object: EFEE0228DC83E77358593193D847A0EC:Win32App_1:$DATA
Location: C:\Windows\Installer\$PatchCache$\Managed\
Details: Unknown ADS


Type: File
Object: Shop by Variety.htm:StreamedFileState:$DATA
Location: C:\Users\SHADOW\AppData\Local\Temp\
Details: Unknown ADS

Type: File
Object: regid.1991-06.com.microsoft:Win32App_1:$DATA
Location: C:\ProgramData\
Details: Unknown ADS

Type: File
Object: LayOut:Win32App_1:$DATA
Location: C:\ProgramData\SketchUp\SketchUp 2014\
Details: Unknown ADS

Type: File
Object: OFFICE:Win32App_1:$DATA
Location: C:\ProgramData\Microsoft\
Details: Unknown ADS

Type: File
Object: UICaptions:Win32App_1:$DATA
Location: C:\ProgramData\Microsoft\OFFICE\
Details: Unknown ADS

Type: File
Object: ATI Technologies:Win32App_1:$DATA
Location: C:\Program Files (x86)\
Details: Unknown ADS

Type: File
Object: Bethesda.net Launcher:Win32App_1:$DATA
Location: C:\Program Files (x86)\
Details: Unknown ADS

Type: File
Object: Malwarebytes Anti-Malware:Win32App_1:$DATA
Location: C:\Program Files (x86)\
Details: Unknown ADS

Type: File
Object: Microsoft Office:Win32App_1:$DATA
Location: C:\Program Files (x86)\
Details: Unknown ADS

Type: File
Object: Microsoft.NET:Win32App_1:$DATA
Location: C:\Program Files (x86)\
Details: Unknown ADS

Type: File
Object: VLC:Win32App_1:$DATA
Location: C:\Program Files (x86)\VideoLAN\
Details: Unknown ADS

Type: File
Object: Ubisoft Game Launcher:Win32App_1:$DATA
Location: C:\Program Files (x86)\Ubisoft\
Details: Unknown ADS

Type: File
Object: Start10:Win32App_1:$DATA
Location: C:\Program Files (x86)\Stardock\
Details: Unknown ADS

Type: File
Object: SketchUp 2014:Win32App_1:$DATA
Location: C:\Program Files (x86)\SketchUp\
Details: Unknown ADS

Type: File
Object: plugins:Win32App_1:$DATA
Location: C:\Program Files (x86)\Mozilla Firefox\
Details: Unknown ADS

Type: File
Object: Shared:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft SQL Server\110\
Details: Unknown ADS

Type: File
Object: Office15:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Office\
Details: Unknown ADS

Type: File
Object: 1033:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Office\Office15\
Details: Unknown ADS

Type: File
Object: DCF:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Office\Office15\
Details: Unknown ADS

Type: File
Object: DataServices:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Office\Office15\1033\
Details: Unknown ADS

Type: File
Object: Cartridges:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\
Details: Unknown ADS

Type: File
Object: 1033:Win32App_1:$DATA
Location: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Resources\
Details: Unknown ADS

Type: File
Object: WinX_YouTube_Downloader:Win32App_1:$DATA
Location: C:\Program Files (x86)\Digiarty\
Details: Unknown ADS

Type: File
Object: DESIGNER:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\
Details: Unknown ADS

Type: File
Object: Microsoft Shared:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\
Details: Unknown ADS

Type: File
Object: Ole DB:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\System\
Details: Unknown ADS

Type: File
Object: 1033:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\System\MSMAPI\
Details: Unknown ADS

Type: File
Object: OFFICE15:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\
Details: Unknown ADS

Type: File
Object: VC:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\
Details: Unknown ADS

Type: File
Object: Access.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: DCF.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: InfoPath.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Lync.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Office.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Office64.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: OneNote.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: OSM.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Outlook.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Proofing.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Publisher.en-us:Win32App_1:$DATA
Location: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\
Details: Unknown ADS

Type: File
Object: Core-Static:Win32App_1:$DATA
Location: C:\Program Files (x86)\ATI Technologies\ATI.ACE\
Details: Unknown ADS

Type: File
Object: Welcome:Win32App_1:$DATA
Location: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\
Details: Unknown ADS

Type: File
Object: ATK Package:Win32App_1:$DATA
Location: C:\Program Files (x86)\ASUS\
Details: Unknown ADS

Type: File
Object: ATI Technologies:Win32App_1:$DATA
Location: C:\Program Files\
Details: Unknown ADS

Type: File
Object: HDA:Win32App_1:$DATA
Location: C:\Program Files\Realtek\Audio\
Details: Unknown ADS

Type: File
Object: 1033:Win32App_1:$DATA
Location: C:\Program Files\Microsoft Office\Office15\
Details: Unknown ADS

Type: File
Object: OneNote:Win32App_1:$DATA
Location: C:\Program Files\Microsoft Office\Office15\
Details: Unknown ADS

Type: File
Object: microsoft shared:Win32App_1:$DATA
Location: C:\Program Files\Common Files\
Details: Unknown ADS

Type: File
Object: VC:Win32App_1:$DATA
Location: C:\Program Files\Common Files\microsoft shared\
Details: Unknown ADS

Type: File
Object: 10.0:Win32App_1:$DATA
Location: C:\Program Files\Common Files\microsoft shared\VSTO\
Details: Unknown ADS

Type: File
Object: 1033:Win32App_1:$DATA
Location: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\
Details: Unknown ADS

Type: File
Object: Fuel:Win32App_1:$DATA
Location: C:\Program Files\ATI Technologies\ATI.ACE\
Details: Unknown ADS

I deleted all of these BELOW IN RED, but will include them.

Type: Key
Object: Svc
Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Security Center\
Details: No admin in ACL

Type: Key
Object: Upgrade
Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\
Details: No admin in ACL

Type: Key
Object: DuState
Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Chs\
Details: No admin in ACL

Type: Key
Object: Upgrade
Location: HKLM\SOFTWARE\Microsoft\Security Center\Svc\
Details: No admin in ACL

Type: Key
Object: DuState
Location: HKLM\SOFTWARE\Microsoft\InputMethod\Chs\
Details: No admin in ACL

As you can see, that's a lot of hits.
 
Hello WA_HAWK,

As far as I can tell, those are all normal; the RootAlyzer is an analyst tool, and sometimes even legitimate software uses rootkit technologies.

How is the computer running? Did you run the scan for a particular reason? :)

Best regards.
 