Rootkit Help

When I run a scan with Comodo, it comes up with 58 threats found. Here are the results.

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\ThreadingModel

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2

Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\ThreadingModel

Are these real viruses or false positives? My OS is Windows XP Pro SP3 :embarassed:

[attachment deleted by admin]

Try running kaspersky tdss killer and GMER see if they find anything. In its current state the rootkit scanner in CIS is prone to giving false positives

I have run it, but it came up with nothing came up. :-[

sounds like false positives

Ok, what should I do so I don’t keep getting the same results? Add to trusted files? ???

just to make sure you can report the files as false positives and they will tell you if they are false positives or not. How to report false positives. If you want to exclude the files you can either add them to exclusions. antivirus tab → antivirus behavior settings → exclusions tab or you can add them to the trusted files list under defense +

I’ve tried to report as false positives, but I get an error message that says that not all files have been successfully submitted.

use the second method explained in the FAQ i linked in the previous post.

Thanks, I’ve submitted it and waiting for the results