Running SysInternals RootkitRevealer on my computer didn’t reveal anything as hiddeous as Mark at SysInternals found. I did however find some, at least to me, curious things.
One thing was a hidden key at HKLM\SYSTEM\ControlSet001\Services\d346prt\Cfg\0Jf40. But I don’t think it is anything to worry about, looks like it is part of Daemon tools, a CD emulator tool I use to mount CD images. At least if one is to believe the answer I got in the Daemon tools forum.
The second thing I found was a couple of broken keys at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall. At least that is how I enterpret RootkitRevealers “Key name contains embedded nulls (*)” message. Looking at the values in that key it looks like they are part of older ATI driver installs. Has anyone else seen this? Or is something more sinister going on in my computer than broken ATI installers? I removed them, and everything seems to still function ok.
Lastly the reported inconsistency with the System.EnterpriceServices assembly is probably nothing to worry about. But I could be wrong 🙂 Can anyone explain this?
That I didn’t find anything more suspicous don’t really surprise me. I have autorun turned off and try to read up on what it is I install before I do. But still, I did manage to unknowingly install Starforce , a drm system for games that also installs a couple of drivers, that I think caused some funky behaviour of my dvd. It spun up and stayed rotating at high speeds whenever I had a CD in the drive. But the creators of Starforce at least have a uninstall utillity, would be even better if a uninstall entry in add/remove applications was created for it but I guess that is asking for too much. Still don’t know what game I got Starforce from, the ones I currently play still work.