cal1nu
Guest IP: 141.154.*.*
Posted: Tue Sep 19, 2006 4:43 pm Post subject: Rootkit Revealer Results
Here are the results after running RootkitRevealer. Can someone tell me if there are any rootkits on my computer?
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 9/19/2006 11:58 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\HackCount 9/19/2006 11:58 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 9/19/2006 11:58 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\WaveFader 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\SpeakerConfig 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\VersaJack 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\DigitalCD 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\Fx1Select 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\Fx2Select 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\WaveFader 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\SpeakerConfig 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\VersaJack 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\DigitalCD 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\Fx1Select 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\Fx2Select 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/19/2006 12:01 PM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000000.cab 9/19/2006 11:34 AM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000016.BIN 9/19/2006 11:43 AM 638 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000017.dat 9/19/2006 11:43 AM 16.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000018.dat 9/19/2006 11:43 AM 32.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000021.edb 9/19/2006 11:48 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000025.SYS 9/19/2006 12:00 PM 7.49 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000027 9/19/2006 12:00 PM 256.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000028 9/19/2006 12:00 PM 224.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000029 9/19/2006 12:00 PM 8.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000030 9/19/2006 12:00 PM 220.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000031 9/19/2006 12:00 PM 8.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000032 9/19/2006 12:00 PM 2.34 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000033 9/19/2006 12:00 PM 8.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000034 9/19/2006 12:00 PM 256.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000035 9/19/2006 12:00 PM 36.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000036 9/19/2006 12:00 PM 20.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000037 9/19/2006 12:00 PM 12.56 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000038 9/19/2006 12:00 PM 4.00 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000039 9/19/2006 12:01 PM 1.40 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\NPROTECT.LOG 9/19/2006 11:11 AM 631.38 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 9/19/2006 12:01 PM 65.14 KB Hidden from Windows API.
D:\RECYCLER\NPROTECT 9/19/2006 11:22 AM 0 bytes Hidden from Windows API.
D:\RECYCLER\NPROTECT\NPROTECT.LOG 9/19/2006 11:11 AM 631.38 KB Hidden from Windows API.
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Tue Sep 19, 2006 4:53 pm Post subject:
What sound card do you have? A Turtle Beach one?
The Zone Alarm and NPROTECT entries are normal assuming you are using Zone Alarm and the Norton Protected Recycle Bin.
_________________
Don't read? Can't learn!
cal1nu
Guest IP: 141.154.*.*
Posted: Tue Sep 19, 2006 5:07 pm Post subject:
PCBruiser wrote:
    What sound card do you have? A Turtle Beach one?
    The Zone Alarm and NPROTECT entries are normal assuming you are using Zone Alarm and the Norton Protected Recycle Bin.
Hi, thanks for replying. Yes I do have the Turtle Beach sound card.
I am also using Zone Alarm and Norton Utilities with the Norton Protected Recycle Bin.
Are there any rootkits in the log result? My computer freezes about 5 minutes after it is started. When I click and open things, nothing happens. I have to leave it alone and wait about 20 minutes for it to unfreeze itself. Then all the things that I clicked and opened suddenly open. Is this a symptom of a hook kit problem?
negster22
Security Expert Premium Member
 Joined: Mar 10, 2004 Posts: 5394
Posted: Wed Sep 20, 2006 3:54 am Post subject:
Your results are negative for a rootkit. Those are legitimate entries. Have you done any other scans for malware other than RKR?
If so was anything detected?
Have you posted a log in the HJT forum?
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
Prince_Serendip
Site Moderator
 Joined: Sep 07, 2002 Posts: 17542
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
Posted: Wed Sep 20, 2006 8:57 pm Post subject:
Just to circle back to my question, all the log entries from:
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\
are for the Turtle Beach sound card drivers (assuming that's what you have, and now that's confirmed), and as negster22 said, not part of a rootkit.
_________________
Don't read? Can't learn!
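Triage of the posted log as an added example, not code from the thread or from Sysinternals: a small Python script that parses RootkitRevealer discrepancy lines and tags the families the replies above explain. RKR flags differences between what the Windows API returns and what a raw read of the registry hives or the disk shows, so a value that changes between the two reads (the ZoneAlarm counters), registry data the sound driver owns (the Mixer keys under the Media device-class GUID {4D36E96C-E325-11CE-BFC1-08002BE10318}, the class for sound, video and game controllers), and files a product deliberately keeps out of the API view (the Norton Protected Recycle Bin's NPROTECT store) all produce hits without any rootkit being present. Whatever the rules do not match is left marked REVIEW, which is the list worth looking at. The Prefetch rule is my heuristic, not something the thread states, and the last sample line (hypothetical.sys) is constructed to show an unexplained hit; it is not from the poster's log.

```python
"""Triage RootkitRevealer (RKR) discrepancy output.

Parses each RKR line, tags the families the thread above identified as
expected on this machine, and leaves everything else marked REVIEW.
"""
import re
from collections import Counter
from dataclasses import dataclass

# RKR line format: <path> <M/D/YYYY> <h:mm AM|PM> <size> <reason>
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) "
    r"(?P<reason>.+)$"
)

# Device setup class GUID for "Sound, video and game controllers".
MEDIA_CLASS_GUID = r"\{4D36E96C-E325-11CE-BFC1-08002BE10318\}"

# (verdict, explanation, path regex). First matching rule wins.
RULES = [
    ("EXPLAINED",
     "ZoneAlarm traffic counters; they change between the API read and the "
     "raw hive read, expected when ZoneAlarm is installed",
     re.compile(r"^HKLM\\SOFTWARE\\Zone Labs\\ZoneAlarm\\"
                r"(BlockCount|HackCount|IncomingCount)$", re.I)),
    ("EXPLAINED",
     "sound driver mixer settings under the Media device class; expected "
     "with the installed sound card driver",
     re.compile(r"^HKLM\\SYSTEM\\ControlSet\d{3}\\Control\\Class\\"
                + MEDIA_CLASS_GUID + r"\\\d{4}\\Config\\Mixer\\", re.I)),
    ("EXPLAINED",
     "Norton Protected Recycle Bin store; expected when Norton Utilities "
     "is installed",
     re.compile(r"^[A-Z]:\\RECYCLER\\NPROTECT(\\|$)", re.I)),
    # Heuristic (mine, not from the thread): a .pf trace is written when a
    # program runs, so one created during the scan shows up as a transient hit.
    ("TRANSIENT",
     "Prefetch trace written while the scan ran; confirm it is visible to "
     "Explorer afterwards",
     re.compile(r"^[A-Z]:\\WINDOWS\\Prefetch\\[^\\]+\.pf$", re.I)),
]


@dataclass
class Entry:
    path: str
    when: str
    size: str
    reason: str
    verdict: str = "REVIEW"
    note: str = "no rule matched; inspect manually"


def parse_line(line: str):
    """Return an Entry for one RKR line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["path"], f"{m['date']} {m['time']}", m["size"],
                 m["reason"].rstrip("."))


def classify(entry: Entry) -> Entry:
    for verdict, note, rx in RULES:
        if rx.search(entry.path):
            entry.verdict, entry.note = verdict, note
            break
    return entry


def triage(text: str) -> list:
    entries = (parse_line(l) for l in text.splitlines())
    return [classify(e) for e in entries if e is not None]


def summarize(entries) -> dict:
    return dict(Counter(e.verdict for e in entries))


# Lines copied from the log posted above, plus one CONSTRUCTED line
# (hypothetical.sys) to show what an unexplained hit looks like.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 9/19/2006 11:58 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\WaveFader 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0006\Config\Mixer\Fx2Select 9/19/2006 11:11 AM 39 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/19/2006 12:01 PM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00000037 9/19/2006 12:00 PM 12.56 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\NPROTECT.LOG 9/19/2006 11:11 AM 631.38 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 9/19/2006 12:01 PM 65.14 KB Hidden from Windows API.
D:\RECYCLER\NPROTECT 9/19/2006 11:22 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\drivers\hypothetical.sys 9/19/2006 12:00 PM 7.49 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for e in results:
        print(f"{e.verdict:<10} {e.path}\n           {e.note}")
    print(summarize(results))
```

Run against the full log, every one of the 39 posted lines falls under one of the first three rules except the single Prefetch entry, which is the same conclusion negster22 and PCBruiser reached by eye. The rules only say "explained by software X"; whether X is actually installed is a check the operator still has to make, which is why PCBruiser asked about the sound card before calling the entries normal.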