salmoxe
Cadet
Joined: May 27, 2008  Posts: 2  Location: USA
Posted: Tue May 27, 2008 7:16 am  Post subject: First Rootkit Scan
Scanned with RootkitRevealer for the first time. I have no idea what these results mean; please help me identify any problems. Thank you!
If I knew how to make this log more readable I would; I am sorry.
HKU\S-1-5-21-515967899-1417001333-725345543-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 11/8/2007 10:29 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 9/23/2006 4:32 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/23/2006 4:32 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\MfxSoftSynths\{89D244AB-19CF-4575-B859-E6C2352BE0D4}\Description 1/14/2007 9:07 PM 7 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Keeper\Path 11/20/2007 4:15 PM 17 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Keeper\DisplayName 11/20/2007 4:15 PM 15 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 10/25/2007 11:13 AM 0 bytes Access is denied.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\flashgot.log.bak 5/26/2008 11:21 PM 101.55 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\parent.lock 5/26/2008 11:15 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\151B6A2Cd01 5/26/2008 11:15 PM 18.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\1D89F97Fd01 5/26/2008 11:15 PM 61.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\47A9FA20d01 5/26/2008 11:15 PM 72.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\556F3036d01 5/26/2008 11:15 PM 32.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\8AA26869d01 5/26/2008 11:15 PM 75.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\ABFCA294d01 5/26/2008 11:15 PM 22.20 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\B146A916d01 5/26/2008 11:15 PM 16.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\B992FCC0d01 5/26/2008 11:15 PM 34.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\E0E6022Dd01 5/26/2008 11:15 PM 37.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Temp\flashgot.zayhbbmp.default 5/26/2008 11:15 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Temp\flashgot.zayhbbmp.default\FlashGot.exe.test 5/26/2008 11:15 PM 1.31 KB Visible in Windows API, but not in MFT or directory index.
F:\$VAULT$.AVG\02179171.FIL 5/26/2008 11:33 PM 3.27 KB Hidden from Windows API.
F:\System Volume Information\_restore{328B4442-7694-4693-9452-C96890EB39A8}\RP94\A0031806.exe 10/19/2005 7:52 AM 2.81 KB Visible in Windows API, but not in MFT or directory index.
F:\System Volume Information\_restore{EA8552AF-3D48-4442-9A1F-422D05C652EF}\RP1010\change.log.1 5/26/2008 6:46 PM 2.47 KB Hidden from Windows API.
negster22
Security Expert Premium Member
Joined: Mar 10, 2004  Posts: 5253
Posted: Wed May 28, 2008 3:16 am  Post subject:
Hello salmoxe,
Your scan shows no rootkit traces, and nothing of concern.
There was some background activity during the scan which produced most of the entries labeled:
Quote:
    Visible in Windows API, but not in MFT or directory index
I can see you have the FlashGot download manager installed and that created a few of the above-referenced entries.
SecuROM creates the registry entry there that says "!CAUTION! NEVER DELETE OR CHANGE ANY KEY":
Quote:
    As part of the SecuROM Product Activation system, certain license information is stored within this "!CAUTION! NEVER DELETE OR CHANGE ANY KEY" registry key. The intention is to prevent users from inadvertently deleting keys/values stored beneath that key. In addition, the key name clearly states that users should not delete this part of the registry.
The sptd services key represents the DAEMON Tools driver.
HKLM\SOFTWARE\Classes\MfxSoftSynths is related to the program: FL Studio 6.
Do you have a dual boot system? I see F: drive with system volume information entries.
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
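The reply above sorts the RootkitRevealer discrepancies into three kinds: entries that only reflect files changing while the scan ran ("Visible in Windows API, but not in MFT or directory index"), entries explained by known software (SecuROM's embedded-null key, the LSA SAC/SAI secrets, the sptd driver, the AVG vault, System Restore), and everything else, which a human should look at. The script below is an added example, written for this page and not part of the original thread or of RootkitRevealer itself. It parses lines in the log format posted above, applies an allowlist that mirrors the explanations in this reply (an assumption: extend or empty it for your own machine), and returns the entries that still need a look. The sample log is constructed from a subset of the posted lines plus one synthetic line (`example.sys`, not from the poster's scan) so that the "review" bucket is exercised. Note that it still surfaces `flashgot.log.bak`: the tool cannot know FlashGot was running, which is exactly the context the human reviewer supplies.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted in this thread plus one
# synthetic "example.sys" line (NOT from the poster's scan) as a negative control.
SAMPLE_LOG = r"""
HKU\S-1-5-21-515967899-1417001333-725345543-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 11/8/2007 10:29 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 9/23/2006 4:32 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Keeper\Path 11/20/2007 4:15 PM 17 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 10/25/2007 11:13 AM 0 bytes Access is denied.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\flashgot.log.bak 5/26/2008 11:21 PM 101.55 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\zayhbbmp.default\Cache\151B6A2Cd01 5/26/2008 11:15 PM 18.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Administrator\Local Settings\Temp\flashgot.zayhbbmp.default\FlashGot.exe.test 5/26/2008 11:15 PM 1.31 KB Visible in Windows API, but not in MFT or directory index.
F:\$VAULT$.AVG\02179171.FIL 5/26/2008 11:33 PM 3.27 KB Hidden from Windows API.
F:\System Volume Information\_restore{EA8552AF-3D48-4442-9A1F-422D05C652EF}\RP1010\change.log.1 5/26/2008 6:46 PM 2.47 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\example.sys 5/26/2008 11:00 PM 12.00 KB Hidden from Windows API.
"""

# One RootkitRevealer line: <path> <M/D/YYYY h:mm AM|PM> <size> <description>.
# The path may contain spaces, so it is matched non-greedily up to the timestamp.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB)) "
    r"(?P<desc>.+)$"
)

# Path fragments treated as known-benign for a given discrepancy type.
# ASSUMPTION: this list mirrors the explanations in the reply above; it is a
# starting point, not a complete allowlist. Matching is case-insensitive.
KNOWN_BENIGN = {
    "Key name contains embedded nulls (*)": (
        "\\Software\\SecuROM\\",            # SecuROM licence data
        "HKLM\\SECURITY\\Policy\\Secrets\\", # LSA secrets (SAC/SAI)
    ),
    "Hidden from Windows API": (
        "\\$VAULT$.AVG\\",                  # AVG quarantine vault
        "\\System Volume Information\\",    # System Restore store
    ),
    "Access is denied": (
        "\\Services\\sptd\\",               # DAEMON Tools sptd driver
    ),
}


@dataclass
class Entry:
    path: str
    timestamp: str
    size: str
    desc: str


def parse_log(text):
    """Parse RootkitRevealer text output into Entry records; skip blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        entries.append(Entry(m["path"], m["ts"], m["size"], m["desc"].rstrip(".")))
    return entries


def triage(entry):
    """Return (severity, reason); severity is 'transient', 'info' or 'review'."""
    d, p = entry.desc, entry.path.lower()
    if any(frag.lower() in p for frag in KNOWN_BENIGN.get(d, ())):
        return "info", "known-benign for this discrepancy type"
    if d == "Visible in Windows API, but not in MFT or directory index":
        return "transient", "file changed between the API pass and the raw-disk pass"
    if d == "Data mismatch between Windows API and raw hive data":
        return "info", "value differs between API and raw hive; compare with a direct registry read"
    if d == "Access is denied":
        return "info", "key locked by a driver or service; identify its owner"
    if d == "Hidden from Windows API":
        return "review", "on disk but not returned by the Win32 API"
    if d == "Key name contains embedded nulls (*)":
        return "review", "key name cannot be read through the Win32 registry API"
    return "review", "unrecognised discrepancy type"


def summarize(text):
    """Bucket every entry's path by severity."""
    out = {"review": [], "info": [], "transient": []}
    for e in parse_log(text):
        out[triage(e)[0]].append(e.path)
    return out


def transient_bursts(entries):
    """Timestamps where two or more transient entries cluster: scan-time churn, not hiding."""
    c = Counter(e.timestamp for e in entries if triage(e)[0] == "transient")
    return {ts: n for ts, n in c.items() if n >= 2}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        sev, why = triage(e)
        print(f"{sev:9s} {e.path}  [{why}]")
    print("bursts:", transient_bursts(entries))
```

Run it against a saved RootkitRevealer log by replacing `SAMPLE_LOG` with the file contents. Anything in the "review" bucket should be checked against what is actually installed before being cleared, as was done here for FlashGot.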
salmoxe
Cadet
Joined: May 27, 2008  Posts: 2  Location: USA
Posted: Wed May 28, 2008 6:36 am  Post subject:
All right, great to know, thank you very much negster! Next time I scan I will know to ignore these entries, and not forget to turn all programs off. In the meantime I will research what to look out for.
F:\ is an external hard drive, and I do not use it to dual boot. I have recovered files from an old hard drive to it though; that may be why there are system volume information entries on it.
negster22
Security Expert Premium Member
Joined: Mar 10, 2004  Posts: 5253
Posted: Wed May 28, 2008 5:29 pm  Post subject:
You're welcome, salmoxe, and thanks for the info on your F: drive.
I'll mark this topic as "fixed" then, and good luck in your quest to learn more about computer security and rootkits.
_________________
Negster22 - MS MVP - Consumer Security 2006-2008