Re: Download freeware RKR scanning software (detect Sony rootkit & others)

pamelafiischer_at_yahoo.com
Date: 11/20/05


Date: 19 Nov 2005 22:45:40 -0800

Trax wrote:
> All files are located in the
> Windows\system32\$sys$filesystem
> you can't see the directory but you can enter it by accessing it
> directly in a CMD window ie:
> Windows\system32> CD $sys$filesystem

Thanks Trax.
I just finished the RKTDU scan with the results shown below.
Does this look suspicious to you or are these normal rootkit
discrepancies?

Note that I removed the numbers for fear they may have contained
personal identification information (what are those 8-4-4-4-12
character numbers anyway?).

HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{number}\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0 11/19/2005 3:06 AM 4
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s1 11/19/2005 3:06 AM 4
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s2 11/19/2005 3:06 AM 4
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\g0 11/19/2005 3:06 AM 32
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\h0 11/19/2005 3:06 AM 4
bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\number 3/21/2005 2:24 AM 0
bytes Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\p72bk7em.default\Cache\33084D91d01
11/19/2005 10:24 PM 16.84 KB Visible in directory index, but not
Windows API or MFT.
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\p72bk7em.default\Cache\9ED97802d01
11/19/2005 10:24 PM 37.73 KB Visible in directory index, but not
Windows API or MFT.
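An added triage helper, written for this thread and not taken from it or from the Sysinternals tool: it re-joins a RootkitRevealer listing that a mail client folded onto several lines (as in the post above), parses each discrepancy, groups the entries by the wording RKR uses for each kind of discrepancy, checks whether a key name is a GUID (the 8-4-4-4-12 hex format Pamela asks about), and flags any path with a component starting in `$sys$`, the prefix Trax mentions. The sample listing, the GUID in it and the `$sys$example.dll` entry are constructed for illustration; the `{number}` placeholders in the real post would simply fail the GUID check.

```python
"""Triage helper for RootkitRevealer-style discrepancy listings.

Added example, not part of the original thread or of Sysinternals' tool.
"""
import re
from collections import Counter

# Constructed sample modelled on the listing in the post, including the mail
# client line wrapping. The GUID is a made-up placeholder, not a real CLSID,
# and the '$sys$example.dll' entry is invented for illustration.
SAMPLE_OUTPUT = """\
HKLM\\SOFTWARE\\Classes\\CLSID\\{0a1b2c3d-4e5f-6071-8293-a4b5c6d7e8f9}\\InprocServer32* 3/21/2005 4:23 PM
0 bytes Key name contains embedded nulls (*)
HKLM\\SYSTEM\\ControlSet002\\Services\\sptd\\Cfg\\s0 11/19/2005 3:06 AM 4
bytes Hidden from Windows API.
C:\\Documents and Settings\\Administrator\\Local Settings\\Application
Data\\Mozilla\\Firefox\\Profiles\\p72bk7em.default\\Cache\\33084D91d01
11/19/2005 10:24 PM 16.84 KB Visible in directory index, but not
Windows API or MFT.
C:\\WINDOWS\\system32\\$sys$filesystem\\$sys$example.dll 11/19/2005 3:06 AM
12.00 KB Hidden from Windows API.
"""

# Every discrepancy starts with a registry hive (HKLM, HKCU, ...) or a drive.
ENTRY_START = re.compile(r"^(HK[A-Z]{1,2}\\|[A-Za-z]:\\)")

# <path> <date> <time AM/PM> <size> <unit> <description>; the path may contain
# spaces, so it is matched lazily up to the first date field.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)

# 8-4-4-4-12 hex groups, optionally in braces: a GUID (a CLSID in this hive).
GUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")

# Description prefixes as RKR prints them, mapped to short category names.
CATEGORIES = (
    ("Key name contains embedded nulls", "embedded_nulls"),
    ("Hidden from Windows API", "hidden_from_api"),
    ("Visible in directory index, but not Windows API or MFT", "index_only"),
)


def unwrap(text):
    """Re-join entries that a mail client folded onto several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def classify(desc):
    """Map RKR's description text to a category; unknown text -> 'other'."""
    for prefix, cat in CATEGORIES:
        if desc.startswith(prefix):
            return cat
    return "other"


def has_sys_component(path):
    """True if any path component carries the $sys$ prefix Trax describes."""
    return any(part.startswith("$sys$") for part in path.split("\\"))


def is_guid(s):
    """True for the 8-4-4-4-12 hex format used by CLSIDs and other GUIDs."""
    return bool(GUID_RE.match(s))


def parse_entry(line):
    """Parse one unwrapped discrepancy line; None if it does not match."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["category"] = classify(entry["desc"])
    entry["sys_cloaked"] = has_sys_component(entry["path"])
    return entry


def triage(text):
    """Summarise a listing: counts per category and any $sys$ paths."""
    entries = [e for e in (parse_entry(l) for l in unwrap(text)) if e]
    return {
        "parsed": len(entries),
        "by_category": dict(Counter(e["category"] for e in entries)),
        "sys_paths": [e["path"] for e in entries if e["sys_cloaked"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OUTPUT).items():
        print(key, value)
```

Anything whose description does not match one of the three phrases RKR prints lands in `other`, so nothing is silently dropped from a listing you paste in; the `$sys$` list is the part worth reading first, since it is the one indicator this thread actually names.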