Thread: Please help.

  1. #1
    Join Date
    Apr 2007
    Posts
    4

    Please help.

    Hey, a friend gave me this nifty program called RootkitRevealer the other day, and I used it to scan my system. This is what it came up with:

    HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger 09/04/2007 13:45 3 bytes Data mismatch between Windows API and raw hive data.

    HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 09/04/2007 13:07 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32* 16/03/2007 09:34 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.

    I told him about the results, and he said that the SecuROM & InProcServer32* findings could be bad, and told me to ask here, since the main forums for RR are locked at the moment. Does anyone know what these two entries are? I did a Google search on both of them, and I got some good hits on other forums about them; unfortunately the forums were in another language (might have been Russian/Korean).

    Thx, Dane
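    The five lines above are RootkitRevealer discrepancy records: a registry path, a timestamp, a size, and a reason. The two reasons in this thread mean different things for triage. "Key name contains embedded nulls" is a key that the Windows API cannot open or display correctly (a genuine hiding technique, but also used by copy-protection software such as SecuROM, which the thread itself identifies). "Data mismatch between Windows API and raw hive data" is often transient, since a frequently updated value (a firewall hit counter, for instance) can change between the API read and the raw hive read, so the first action is to rescan and see whether it persists. The script below is an added example, not part of the thread or of the RootkitRevealer tool; it parses the posted lines and assigns a triage verdict. The allowlist `KNOWN_EMBEDDED_NULL_USERS` is an assumption for illustration that an administrator would tune to their own estate.

```python
"""Triage helper for RootkitRevealer discrepancy lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the five lines posted in the thread, copied verbatim.
SAMPLE_OUTPUT = r"""
HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger 09/04/2007 13:45 3 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 09/04/2007 13:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32* 16/03/2007 09:34 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.
"""

# One record: <path with spaces> <dd/mm/yyyy> <HH:MM> <N> bytes <reason>
# The path is matched lazily so that the date/time anchor decides where it ends.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) bytes (?P<desc>.+?)\.?$"
)

EMBEDDED_NULL = "Key name contains embedded nulls"
DATA_MISMATCH = "Data mismatch between Windows API and raw hive data"

# Assumed allowlist for this example: the thread identifies SecuROM as CD copy
# protection, and its embedded-null keys are an expected artefact. Extend this
# list only with software you have positively identified on the machine.
KNOWN_EMBEDDED_NULL_USERS = ("\\software\\securom\\",)


@dataclass
class Finding:
    path: str
    timestamp: str   # "dd/mm/yyyy HH:MM" exactly as RootkitRevealer prints it
    size: int
    description: str
    verdict: str     # "known-benign", "investigate", "rescan" or "unknown"


def classify(path: str, description: str) -> str:
    """Map a discrepancy reason (and path) to a triage verdict."""
    lowered = path.lower()
    if description.startswith(EMBEDDED_NULL):
        # Hidden key: benign only if it belongs to software known to do this.
        if any(marker in lowered for marker in KNOWN_EMBEDDED_NULL_USERS):
            return "known-benign"
        return "investigate"
    if description.startswith(DATA_MISMATCH):
        # Value may simply have changed between the two reads; confirm by rescanning.
        return "rescan"
    return "unknown"


def parse(text: str) -> list:
    """Parse RootkitRevealer output lines into classified Finding records."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised RootkitRevealer line: {line!r}")
        findings.append(Finding(
            path=m["path"],
            timestamp=f"{m['date']} {m['time']}",
            size=int(m["size"]),
            description=m["desc"],
            verdict=classify(m["path"], m["desc"]),
        ))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per verdict, e.g. {"rescan": 3, "known-benign": 1, ...}."""
    return dict(Counter(f.verdict for f in findings))


def needs_attention(findings: list) -> list:
    """Return only the findings that warrant a manual look, hidden keys first."""
    order = {"investigate": 0, "unknown": 1}
    return sorted((f for f in findings if f.verdict in order),
                  key=lambda f: order[f.verdict])


if __name__ == "__main__":
    results = parse(SAMPLE_OUTPUT)
    for f in results:
        print(f"{f.verdict:13} {f.size:>2} bytes  {f.path}")
    print(summarize(results))
```

    Run against the posted output, the script flags only the CLSID `InProcServer32*` key for investigation, marks the SecuROM key as a known copy-protection artefact, and puts the three data-mismatch lines (two of them ZoneAlarm counters) into the rescan bucket. That matches the advice given later in the thread: a single RootkitRevealer hit is not evidence of a rootkit on its own, and nothing should be deleted on the strength of it.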

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    RootkitRevealer is not used as much anymore, as there are several other better rootkit search programs which do a better job today.
    If you are experiencing problems, the place to start is NOT using a rootkit revealer as your first step... Truthfully, that would be one of your LAST steps. The place to start is HERE.
    You would only look for rootkits if problems present themselves which point to a trojan on the system but other scans and malware search programs have not identified one as being on the system. If you get into looking for rootkits AND then removing/editing registry entries because "findings could be bad", then you can cause more damage to a system than would be caused by the original trojan itself.
    Do all the preliminary programs first, save the scan logs and post with information as to why you have taken these steps in the first place. We will be more than happy to help clean your machine, using proper programs and in the proper order.
    Judy

  3. #3
    Join Date
    Apr 2007
    Posts
    4

    Oh, I wasn't aware that RR had dated so. So which rootkit scanner is the suggested one to use now then? As most of the programs in that link don't primarily focus on rootkits. Also, I have nearly all those suggested free programs, and have also used all those free online scanners, which are quite good I might add, but anyway, that's just the problem: all these various scanning programs I have used all either come back clean, or come up with results that I have already identified, either via asking a friend, a Google search, or scanning it with taskmon, which has a vast library of intel on various threats. However, RootkitRevealer was the only program that I had/was aware of that primarily focused on rootkits, and it was also the only one of all the lot to find that InProcServer thingy, which I still haven't been able to identify. Well, actually I have identified numerous instances where other worms/trojan/ad-ware threats might modify that particular reg key, but I have eliminated all of them by various means of symptom analysis and change events that occur with each type of infection, but there are plenty of reg key variations related to "InProcServer32*" that there could be that I just haven't been able to find. In fact, all the instances I found didn't match my result "HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32*". And the same applies to SecuROM, although it is identified as a CD copy/crack protection solution, but there are a lot of threads around about it being something that you might want to remove anyway; unfortunately they all contradict each other, so I'm still in the dark as to whether my particular result "HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*" warrants removal, lol.
    Last edited by Dane; 04-08-2007 at 11:46 PM.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Look, if you want us to help, then we need logs. We cannot and do not offer help in removing something that we are not certain is there. InProcServer32 can very well be legitimate and not a problem, but we need to see logs: AVG Anti-Spyware run in safe mode and allowed to fix, a new HJT log, a Kaspersky online scan. We are not giving advice about something we are not positive is there.

  5. #5
    Join Date
    Apr 2007
    Posts
    4

    Sorry, should have thought; I have just got a bit distracted by something else new, a new file called AB221BD2.exe which has just showed up. Anyway, sorry again, and here's the log:

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Look, let's start at the beginning here....
    What problems are you having? Please describe them completely: when you have them, what are you doing when they occur? If there is an error message involved, please give me the EXACT FULL wording of the error message. When did they begin? Had you installed any new hardware or software just prior to this?
    You are giving us virtually NO information here.
    "a new file called AB221BD2.exe which has just showed up"
    Just showed up WHERE? ...on your desktop, your Task Manager, your email, in Programs... WHERE? Just saying a new file showed up tells us absolutely nothing.
    You say you have used all the programs listed in the link... WHEN? Which programs? Where are the logs?
    If they found nothing, then why in the world do you believe you have a rootkit on the computer? There absolutely MUST BE A REASON that you feel you have one on the computer. You don't just run a "nifty program" for the heck of it, and if you do, you are just looking for trouble somewhere down the line.
    You also used the HJT version 2 Beta; for now I would prefer to have you use the current version, 1.99.1, which is found on the link I gave you.
    I am sorry, but if you cannot or will not give the full information requested, I personally cannot help you here. I have no idea what I am looking for or why I should be helping you look for a rootkit.
