Using a new app, McAfee Rootkit Detective v1.1; any help would be much appreciated
This app can also help with your rootkit signatures.

Code:
McAfee(R) Rootkit Detective 1.1 scan report
On 05-03-2009 at 14:58:23
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAdjustPrivilegesToken
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDeviceIoControlFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwFsControlFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryMultipleValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwQueueApcThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwRequestWaitReplyPort
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSecureConnectPort
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetSecurityObject
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetSystemInformation
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwSystemDebugControl
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\WINDOWS\system32\drivers\klif.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: DataEM\ControlSet001\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden