RootKit Hook Analyzer

jack montana · 10-18-2006, 10:31 AM

Hey
Hope someone has some exp. with this..
I disabeled my Kaspersky Av and ran a scan with RootkitRevealer from Sysinternals and came up with these results ?
I use Alcohol52% (having un/install problems with Alcohol120%)
Thats the last 2 entries BUT what is the other entries ??

HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Control Panel\PowerCfg\PowerPolicies\6\Policies 18-10-2006 16:00 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player\ExePath 04-10-2006 02:47 43 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 17-10-2006 16:23 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 14-10-2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 13-04-2006 17:07 0 bytes Hidden from Windows API.

thank you

jack montana · 10-18-2006, 02:18 PM

Quote:

Originally Posted by jack montana

Hey
Hope someone has some exp. with this..
I disabeled my Kaspersky Av and ran a scan with RootkitRevealer from Sysinternals and came up with these results ?
I use Alcohol52% (having un/install problems with Alcohol120%)
Thats the last 2 entries BUT what is the other entries ??

HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Control Panel\PowerCfg\PowerPolicies\6\Policies 18-10-2006 16:00 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player\ExePath 04-10-2006 02:47 43 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 17-10-2006 16:23 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 14-10-2006 14:14 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 13-04-2006 17:07 0 bytes Hidden from Windows API.

thank you

hey again
in the meantime i have found out that the :
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg

but I cant remove SPTD my system chrashes when im using RkU3.0.80.295 to "unhook all" tryed in safe mode and with system restore disabled
also tryed to give difrent security settings in REGEDIT

So q HOW can I delete this ?
I belive this entrence has something to do with my problem in/uninstallation of Alcohol120%
Keeps getting error 25002 (no mather what ver. im trying to install EXPEPT Alcohol 52% )

10-18-2006, 10:31 AM	#1
jack montana Registered User Join Date: Oct 2006 Posts: 2	RootKit Hook Analyzer Hey Hope someone has some exp. with this.. I disabeled my Kaspersky Av and ran a scan with RootkitRevealer from Sysinternals and came up with these results ? I use Alcohol52% (having un/install problems with Alcohol120%) Thats the last 2 entries BUT what is the other entries ?? HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Control Panel\PowerCfg\PowerPolicies\6\Policies 18-10-2006 16:00 80 bytes Data mismatch between Windows API and raw hive data. HKLM\S-1-5-21-3242297509-133608637-364582197-1004\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player\ExePath 04-10-2006 02:47 43 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 17-10-2006 16:23 0 bytes Access is denied. HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 14-10-2006 14:14 0 bytes Hidden from Windows API. HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 13-04-2006 17:07 0 bytes Hidden from Windows API. thank you
(Offline)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode