Need this log checked quick

Danpapua
Newbie
Joined: 06 October 2011
Points: 4
    Posted: 27 March 2012 at 1:10am
Hi, I need to know if there is anything wrong with this log.

Thanks,
Danpapua


HKU\S-1-5-21-2296428388-8314034-3403799187-1008\Software\APN\Updater\lastchecktime 3/17/2012 6:05 PM 22 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 5/30/2005 7:29 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 5/30/2005 7:29 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 3/17/2012 6:05 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 3/17/2012 6:05 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\$AVG\$VAULT\V_00000040.fil 9/24/2011 10:48 PM 102.54 KB Visible in Windows API, but not in MFT or directory index.
C:\$AVG\$VAULT\V_00000041.fil 9/26/2011 9:24 AM 102.54 KB Visible in Windows API, but not in MFT or directory index.
C:\$AVG\$VAULT\V_00000043.fil 3/17/2012 6:25 PM 343.95 KB Hidden from Windows API.
C:\$AVG\$VAULT\V_00000044.fil 3/17/2012 8:23 PM 343.90 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\AVG2012\Chjw\f8d84bd2d84b8db6.dat:31896130-daab-4038-9939-893bd7e7047b 3/17/2012 7:21 PM 2.13 MB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-03-07.log 3/17/2012 6:25 PM 490 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AF53453-BBEB-4BE9-81D7-A3A29F1563F2}\offreg.dll 3/17/2012 6:51 PM 54.88 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{7842F567-995E-4EAC-BF3F-719F85F8D217} 3/17/2012 7:29 PM 6.84 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{2261739C-E89A-46C9-9316-BB977B9F8F76} 3/17/2012 7:53 PM 7.14 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{23863037-A56E-4882-BD69-F29A3FE85046} 3/17/2012 8:35 PM 7.13 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8686E9EC-A7EF-40DA-BB29-CAC55E8B7014} 3/17/2012 7:39 PM 10.69 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B428A86C-8428-46E7-BCBD-61CDB985A078} 3/17/2012 6:53 PM 8.29 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D3288DC3-3FEA-44E3-BDB3-61FAF9E2C9AB} 3/17/2012 8:35 PM 7.24 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\03\54A70DF3-C668-4FF4-893A-4B619358BFD6 3/17/2012 8:35 PM 1.10 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\04 3/17/2012 7:38 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\04\33888899-FD51-4321-A684-10A1386D0BE2 3/17/2012 7:39 PM 2.03 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\08\D8F4AEAB-6D1A-4B24-AC8E-818D74062EF6 3/17/2012 6:53 PM 1.70 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\15\5BFDBD63-BCF5-4593-BE3D-B84993C4089F 3/17/2012 7:39 PM 1.98 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\15\AF1B2DCC-05FC-48F6-95E2-C858FF251C3C 3/17/2012 7:39 PM 2.03 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\DetectionHistory\17\BE24BF78-C757-4F66-9C73-F557C39BA4F7 3/17/2012 6:53 PM 1.16 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 2/28/2011 4:11 PM 343.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP\Digital Imaging\Vault\071e1421_59451.jpg:Zone.Identifier 12/7/2008 1:58 PM 26 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{5A9113D6-8496-4B01-8A44-3C12D5DBD139}\chrome\content\_cfg.js 7/23/2010 4:07 PM 2.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\2568.tmp 1/16/2012 10:02 PM 129.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\256A.tmp 1/16/2012 10:02 PM 129.50 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8EYXHI5E\CA38BLOE.HTM 3/17/2012 7:31 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8EYXHI5E\ObsidianAppDistribConfig[2].xml 3/17/2012 6:56 PM 11.31 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8EYXHI5E\rssCA4ESZTA 3/17/2012 6:28 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8EYXHI5E\rssCACPTS5Z 3/17/2012 6:58 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8EYXHI5E\rssCAYXSUHW 3/17/2012 7:58 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\B5NJKO90\rssCA6J02MO 3/17/2012 8:08 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\B5NJKO90\rssCAADPFK1 3/17/2012 6:38 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\B5NJKO90\rssCABVMZM9 3/17/2012 7:08 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\B5NJKO90\rssCALVCLFO 3/17/2012 7:38 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\B5NJKO90\SearchAppDistribConfig[2].xml 3/17/2012 6:56 PM 31.95 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K1M70JFS\QuoteRequestCA82GF8W.txt 3/17/2012 6:56 PM 1.59 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K1M70JFS\rssCA8WDKTJ 3/17/2012 6:48 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K1M70JFS\rssCABSP4P1 3/17/2012 7:48 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K1M70JFS\rssCAC82ZB4 3/17/2012 8:18 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K1M70JFS\rssCADVA7PQ 3/17/2012 7:18 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\BlinkyAppDistribConfig[2].xml 3/17/2012 6:56 PM 11.24 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\ChameleonappDistribConfig[1].xml 3/17/2012 6:56 PM 11.24 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\QuoteRequestCAXZSD4C.txt 3/17/2012 7:56 PM 1.59 KB Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\rssCA367EY2 3/17/2012 6:18 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\rssCA6QQ1UW 3/17/2012 7:28 PM 790 bytes Hidden from Windows API.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJNO1VQ1\rssCAB5NISM 3/17/2012 8:28 PM 790 bytes Hidden from Windows API.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP989\A0239343.dll 2/28/2011 4:11 PM 343.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\TMP000004950DCC0A5079AFDA2A 3/17/2012 8:33 PM 512.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\TMP000004967DC05EDF854DFAE9 3/17/2012 8:35 PM 512.00 KB Visible in Windows API, MFT, but not in directory index.
D: 0 bytes Error mounting volume

nullptr
Senior Member
Joined: 06 April 2008
Location: Australia
Points: 763
Posted: 28 March 2012 at 4:04pm
If you are concerned about possible rootkit infections, you're far better off scanning with GMER, Rootkit Unhooker or TDSSKiller.
RootkitRevealer ceased development in 2006 and will likely not catch any modern rootkits.

All I'm seeing in your logs is false positives and entries reported as a result of typical Windows activities at the time of the scan.


Edited by nullptr - 28 March 2012 at 4:06pm
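The reasoning in nullptr's reply, written out as a small triage helper for RootkitRevealer's text report (an added example, not code from the thread or from Sysinternals). RootkitRevealer's own documentation describes a "Data mismatch" as a value updated while the scan was running; the noisy-directory list, the scan-window estimate (the timestamp span on the busiest day in the report) and the verdict names are this editor's assumptions, and `hypothetical.sys` is a constructed placeholder entry.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in RootkitRevealer's "path timestamp size discrepancy" layout:
# lines taken from the log above plus one hypothetical driver entry to exercise every branch.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 5/30/2005 7:29 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 3/17/2012 6:05 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\AVG2012\log\avgual.2012-03-07.log 3/17/2012 6:25 PM 490 bytes Hidden from Windows API.
C:\WINDOWS\system32\drivers\hypothetical.sys 1/2/2012 3:00 AM 12.00 KB Hidden from Windows API.
D: 0 bytes Error mounting volume
"""

# The path may contain spaces, so it is matched lazily up to the (optional) timestamp and size.
LINE = re.compile(r"^(?P<path>.+?)(?: (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M))?"
                  r" (?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) (?P<desc>.+)$")
# Locations rewritten constantly by browsers and AV products (assumed noisy, editor's list).
NOISY = ("\\Temporary Internet Files\\", "\\$AVG\\$VAULT\\", "\\Temp\\",
         "\\Microsoft Antimalware\\Scans\\", "\\AVG2012\\")

def parse(text):
    # Returns (path, datetime or None, size, discrepancy) for each report line.
    out = []
    for line in text.strip().splitlines():
        m = LINE.match(line)
        if m:
            ts = m["ts"] and datetime.strptime(m["ts"], "%m/%d/%Y %I:%M %p")
            out.append((m["path"], ts, m["size"], m["desc"]))
    return out

def scan_window(entries):
    # Approximate the scan window as the timestamp span on the busiest day.
    stamps = [ts for _, ts, _, _ in entries if ts]
    day = Counter(ts.date() for ts in stamps).most_common(1)[0][0]
    same_day = [ts for ts in stamps if ts.date() == day]
    return min(same_day), max(same_day)

def verdict(path, ts, desc, start, end):
    """Heuristic reading of one entry; 'review manually' is the default, not 'clean'."""
    if desc.startswith("Key name contains embedded nulls") and path.startswith("HKLM\\SECURITY\\"):
        return "documented false positive"
    if desc.startswith("Data mismatch"):
        return "value changed during scan"
    if desc.startswith("Error mounting"):
        return "volume not scanned"
    if ts and start <= ts <= end and any(n in path for n in NOISY):
        return "scan-time churn in temp/AV directory"
    return "review manually"

def triage(entries):
    start, end = scan_window(entries)
    return {path: verdict(path, ts, desc, start, end) for path, ts, _, desc in entries}
```

Run `triage(parse(open("rootkitrevealer.txt").read()))` on a full report; anything left at "review manually" still needs a human look, which is also what nullptr did for the entries outside the temp and AV directories.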