Four follow-up questions:
- @Dave Could you confirm Frank's comment that it's run as part of a boot-time scan?
- How do you know it's been run 8 minutes after startup - I notice no hard drive activity? :S
- Is there a separate log or results report to confirm nothing/something was found?
- Would you recommend any complementary anti-rootkit products as an additional security?
1. If I could I would have at the time. To find out, I would have run a boot-time scan and checked out the aswAr.log file mentioned by Trag57. You would have to be quick in checking, as 8 minutes after boot it would run and overwrite the previous log.
2 & 3. As Targ57 mentioned.
4. I have a few I would try if I felt that I may have a rootkit, but since they will be constantly updated, keeping a copy of them is of limited use, as it is best to get the latest version before you run it.
There are more anti-rootkit scanners than you can shake a stick at but the greatest majority are totally user unfriendly as they present the user with more questions than answers. There are very few that I would consider efficient and relatively user friendly, but even then you may need further advice.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

GMER (and to a degree Rootkit Revealer) as mentioned is very powerful, but a little like the hijackthis of anti-rootkits as it produces volumes of data that you have to analyse. So these to my mind aren't for your average user.