ThreatFire/RootkitRevealer/Regedit (Help)

Discussion in 'other anti-virus software' started by jpcummins, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Feb 20, 2006
    Terre Haute, IN
    I hope I have this in the right area; if not I apologize and ask it be put where it should be.

    I need assistance from a more knowledgeable person than myself. My operating system is Windows XP Pro SP2. I recently installed a security program called “ThreatFire”. When I ran the program it alerted me to the fact that I had two directory entries that should be ignored, deleted or quarantined. These two entries are:


    I then ran “RootkitRevealer” and the results were five entries:

    HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 10/11/2006 12:02 PM 26 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 12/30/2007 2:09 PM 80 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 11/15/2006 4:20 PM 26 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\PCTools\ThreatFire\ProcessCount 12/30/2007 2:09 PM 4 bytes Data Mismatch between Windows API and raw hive data.

    HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 12/29/2007 11:12 AM 0 bytes Hidden from Windows API.

    Finally I ran “regedit” and the only key that said anything about jddg40 was:


    Please notice the difference in the ControlSet numbers in the three different programs. I am really baffled do I need to do anything to any or all of the entries? Any recommendations or suggestions would really be appreciated. Thanking you in advance for any replies.

  2. lucas1985

    lucas1985 Retired Moderator

    Nov 9, 2006
    France, May 1968
    a347scsi is related to software which make virtual optical devices (Daemon Tools, Alcohol, etc)
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.