You need to have looked in the aswAr.log on the day of detection as that log gets overwritten on the next anti-rootkit scan.