RKR scans the HKLM\Security\Policy hive, which contains SAC* and SAI* hidden keys with embedded (trailing) nulls. This is normal and not a cause for alarm. The presence of some keys with nulls may be pertinent to the correct operation of related applications. See "RKR 1.71 and HKLM\Security\Policy\Secrets". Also see "Info on common log entries" such as:
Daemon Tools and Alcohol software entries
System Volume Information\_restore
Prefetch

Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
If you're unsure how to use RKR or read its logs, use AVG Anti-Rootkit, Sophos Anti-rootkit or Panda AntiRootkit instead. If they detect a rootkit, they should all let you know.