Rootkit findings

Jeff

I have Sysinternals "Rootkit Revealer" v 1.7, so I ran it on my XP MCE
system that I keep clean with frequent use of Ad-Aware SE Personal,
Spybot, and Avast plus ZoneAlarm. So I was surprised when it showed 6
discrepancies. I'm even more unhappy because I cannot make sense of
these 6 discrepancies. Can someone tell me what to do with these
results? Do I have a zombie PC?

HKLM\SOFTWARE\Classes\CLSID\{7D5C4821-8365-2C5D-B57B-DF6D2D17C629}\InProcServer32*
9/21/2006 2:34 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}*
8/21/2006 3:45 AM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Classes\CLSID\{E9204BC4-9B67-A3A7-9418040E7EC7E28B}\{1ACE6D24-C4A9-397B-64EF395CC2F330B1}\{685A2618-4C9F-7737-7DE531E9434892E2}*
8/21/2006 3:45 AM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Classes\webcal\URL Protocol
8/19/2006 8:10 PM 13 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg
6/1/2007 9:06 PM 0 bytes Access is denied.

C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP156\A0087498.RDB
8/14/2007 6:18 PM 2.82 MB Hidden from Windows API.

Jeff
 
Jeff

I wanted to add that the "Hide standard NTFS metadata files" and "scan
registry" options are both selected in the RootkitRevealer option screen.

Jeff
 
