Quick Query

CapeBuffalo

Level 2
Thread author
Verified
May 12, 2014
59
Hi, I ran a RogueKiller scan while connecting mIRC via the Comodo sandbox. It usually kills 3 svchost processes, but this time I saw it found a hidden process and gave no link to its location (note: I just got Zemana).


RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ducktales [Admin rights]
Mode : Scan -- Date : 05/29/2014 07:42:59

¤¤¤ Bad processes : 4 ¤¤¤
[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]
[Hidden!] -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1260953176-3201969857-2580422920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1260953176-3201969857-2580422920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 107 ¤¤¤
[SSDT:Addr] NtCreateFile[66] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933c99dc
[SSDT:Addr] NtCreateSymbolicLinkObject[86] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933c9dba
[SSDT:Addr] NtCreateThread[87] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ca102
[SSDT:Addr] NtDeleteKey[103] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ca476
[SSDT:Addr] NtDeleteValueKey[106] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ca544
[SSDT:Addr] NtDeviceIoControlFile[107] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ca690
[SSDT:Addr] NtLoadDriver[155] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc062
[SSDT:Addr] NtMapViewOfSection[168] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc480
[SSDT:Addr] NtOpenFile[179] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc798
[SSDT:Addr] NtOpenKey[182] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc962
[SSDT:Addr] NtOpenProcess[190] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc974
[SSDT:Addr] NtOpenThread[198] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd03e
[SSDT:Addr] NtProtectVirtualMemory[215] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd0d2
[SSDT:Addr] NtQueueApcThread[269] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd0e4
[SSDT:Addr] NtSecureConnectPort[312] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd3e6
[SSDT:Addr] NtSetContextThread[316] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd452
[SSDT:Addr] NtSetSystemInformation[350] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd78a
[SSDT:Addr] NtSetValueKey[358] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cd7f4
[SSDT:Addr] NtTerminateProcess[370] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cdbc6
[SSDT:Addr] NtWriteVirtualMemory[399] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cfcba
[ShwSSDT:Addr] NtGdiAlphaBlend[7] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ca9ba
[ShwSSDT:Addr] NtGdiBitBlt[14] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cacd2
[ShwSSDT:Addr] NtGdiDeleteObjectApp[125] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cafe4
[ShwSSDT:Addr] NtGdiGetPixel[200] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933caffe
[ShwSSDT:Addr] NtGdiMaskBlt[237] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cb324
[ShwSSDT:Addr] NtGdiOpenDCW[243] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cb63c
[ShwSSDT:Addr] NtGdiPlgBlt[247] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cb716
[ShwSSDT:Addr] NtGdiStretchBlt[302] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cba38
[ShwSSDT:Addr] NtGdiTransparentBlt[308] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cbd4e
[ShwSSDT:Addr] NtUserAttachThreadInput[318] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cdc36
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cdfa8
[ShwSSDT:Addr] NtUserGetClassInfoEx[406] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ce2c4
[ShwSSDT:Addr] NtUserGetKeyState[436] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ce740
[ShwSSDT:Addr] NtUserMessageCall[490] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cea54
[ShwSSDT:Addr] NtUserPostMessage[508] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933ced68
[ShwSSDT:Addr] NtUserPostThreadMessage[509] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cedde
[ShwSSDT:Addr] NtUserRegisterRawInputDevices[524] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cedf0
[ShwSSDT:Addr] NtUserSendInput[536] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cf1f4
[ShwSSDT:Addr] NtUserSetClipboardViewer[544] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cf538
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cfb2e
[ShwSSDT:Addr] NtUserSetWinEventHook[588] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cf80e
[ShwSSDT:Addr] NtUserUnhookWindowsHookEx[607] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cfc98
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothAddressToString : C:\Windows\System32\bthprops.cpl @ 0x6697740f
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothAuthenticateDevice : C:\Windows\System32\bthprops.cpl @ 0x669782a0
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothAuthenticateDeviceEx : C:\Windows\System32\bthprops.cpl @ 0x669783b9
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothAuthenticateMultipleDevices : C:\Windows\System32\bthprops.cpl @ 0x669782c8
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothAuthenticationAgent : C:\Windows\System32\bthprops.cpl @ 0x669698be
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothDisconnectDevice : C:\Windows\System32\bthprops.cpl @ 0x6696dd74
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothDisplayDeviceProperties : C:\Windows\System32\bthprops.cpl @ 0x669741ab
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothEnableDiscovery : C:\Windows\System32\bthprops.cpl @ 0x6696e424
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothEnableIncomingConnections : C:\Windows\System32\bthprops.cpl @ 0x6696e6c4
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothEnumerateInstalledServices : C:\Windows\System32\bthprops.cpl @ 0x6696de94
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothEnumerateInstalledServicesEx : C:\Windows\System32\bthprops.cpl @ 0x6696f7a2
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindBrowseGroupClose : C:\Windows\System32\bthprops.cpl @ 0x6696cb63
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindClassIdClose : C:\Windows\System32\bthprops.cpl @ 0x6696cb63
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindDeviceClose : C:\Windows\System32\bthprops.cpl @ 0x6696d785
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstBrowseGroup : C:\Windows\System32\bthprops.cpl @ 0x6696db97
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstClassId : C:\Windows\System32\bthprops.cpl @ 0x6696d8f5
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstDevice : C:\Windows\System32\bthprops.cpl @ 0x6696e9e6
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstProfileDescriptor : C:\Windows\System32\bthprops.cpl @ 0x6696dc7e
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstProtocolDescriptorStack : C:\Windows\System32\bthprops.cpl @ 0x6696d9d5
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstProtocolEntry : C:\Windows\System32\bthprops.cpl @ 0x6696dacc
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstRadio : C:\Windows\System32\bthprops.cpl @ 0x6696d6e6
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstService : C:\Windows\System32\bthprops.cpl @ 0x6697032d
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstServiceEx : C:\Windows\System32\bthprops.cpl @ 0x6696edbe
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextBrowseGroup : C:\Windows\System32\bthprops.cpl @ 0x6696cb98
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextClassId : C:\Windows\System32\bthprops.cpl @ 0x6696c97d
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextDevice : C:\Windows\System32\bthprops.cpl @ 0x6696c194
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextProfileDescriptor : C:\Windows\System32\bthprops.cpl @ 0x6696cbfd
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextProtocolDescriptorStack : C:\Windows\System32\bthprops.cpl @ 0x6696c9d4
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextProtocolEntry : C:\Windows\System32\bthprops.cpl @ 0x6696caa8
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextRadio : C:\Windows\System32\bthprops.cpl @ 0x6696c066
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindNextService : C:\Windows\System32\bthprops.cpl @ 0x6696d84c
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindProfileDescriptorClose : C:\Windows\System32\bthprops.cpl @ 0x6696cb63
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindProtocolDescriptorStackClose : C:\Windows\System32\bthprops.cpl @ 0x6696ca5b
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindProtocolEntryClose : C:\Windows\System32\bthprops.cpl @ 0x6696cb63
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindRadioClose : C:\Windows\System32\bthprops.cpl @ 0x6696c1cd
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindServiceClose : C:\Windows\System32\bthprops.cpl @ 0x6696c92f
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothGetDeviceInfo : C:\Windows\System32\bthprops.cpl @ 0x6696e8f6
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothGetRadioInfo : C:\Windows\System32\bthprops.cpl @ 0x6696d083
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothIsConnectable : C:\Windows\System32\bthprops.cpl @ 0x6696e6e6
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothIsDiscoverable : C:\Windows\System32\bthprops.cpl @ 0x6696e5f3
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothIsVersionAvailable : C:\Windows\System32\bthprops.cpl @ 0x6696d4b2
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothMapClassOfDeviceToImageIndex : C:\Windows\System32\bthprops.cpl @ 0x6697731e
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothMapClassOfDeviceToString : C:\Windows\System32\bthprops.cpl @ 0x66976f6d
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothRegisterForAuthentication : C:\Windows\System32\bthprops.cpl @ 0x66970114
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothRegisterForAuthenticationEx : C:\Windows\System32\bthprops.cpl @ 0x66970137
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothRemoveDevice : C:\Windows\System32\bthprops.cpl @ 0x66970ebd
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSdpEnumAttributes : C:\Windows\System32\bthprops.cpl @ 0x6696ccd9
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSdpGetAttributeValue : C:\Windows\System32\bthprops.cpl @ 0x66971530
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSdpGetContainerElementData : C:\Windows\System32\bthprops.cpl @ 0x66971488
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSdpGetElementData : C:\Windows\System32\bthprops.cpl @ 0x66971223
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSdpGetString : C:\Windows\System32\bthprops.cpl @ 0x66971883
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSelectDevices : C:\Windows\System32\bthprops.cpl @ 0x66973d76
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSelectDevicesFree : C:\Windows\System32\bthprops.cpl @ 0x6697253f
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSendAuthenticationResponse : C:\Windows\System32\bthprops.cpl @ 0x6696e323
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSendAuthenticationResponseEx : C:\Windows\System32\bthprops.cpl @ 0x6696e235
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSetLocalServiceInfo : C:\Windows\System32\bthprops.cpl @ 0x6696fb77
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothSetServiceState : C:\Windows\System32\bthprops.cpl @ 0x66970ddb
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothUnregisterAuthentication : C:\Windows\System32\bthprops.cpl @ 0x6696cf30
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothUpdateDeviceRecord : C:\Windows\System32\bthprops.cpl @ 0x6696d7e1
[EAT:Addr] (explorer.exe) QAgent.dll - BthpEnableAllServices : C:\Windows\System32\bthprops.cpl @ 0x6697106a
[EAT:Addr] (explorer.exe) QAgent.dll - BthpFindPnpInfo : C:\Windows\System32\bthprops.cpl @ 0x6696eec6
[EAT:Addr] (explorer.exe) QAgent.dll - BthpMapStatusToErr : C:\Windows\System32\bthprops.cpl @ 0x669773df
[EAT:Addr] (explorer.exe) QAgent.dll - CPlApplet : C:\Windows\System32\bthprops.cpl @ 0x6696bb60
[EAT:Addr] (explorer.exe) QAgent.dll - DllCanUnloadNow : C:\Windows\System32\bthprops.cpl @ 0x6696b2e6
[EAT:Addr] (explorer.exe) QAgent.dll - DllGetClassObject : C:\Windows\System32\bthprops.cpl @ 0x6696b1e8

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-67S9B1 ATA Device +++++
--- User ---
[MBR] 5985724ba892a5726b4ce24e2f48fbe8
[BSP] eb11fb66582f439466a24426dcc02753 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156299264 | Size: 400620 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_05292014_052109.log - RKreport_SCN_05292014_051606.log
 
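What the Antirootkit section above actually says, as an added editorial example (not code from the thread, from RogueKiller, or from Adlice): every [SSDT:Addr] and [ShwSSDT:Addr] entry resolves to one driver, C:\Windows\system32\drivers\AntiLog32.sys, and the calls it intercepts (NtUserGetAsyncKeyState, NtUserSetWindowsHookEx, NtUserRegisterRawInputDevices, the NtGdi*Blt screen-copy primitives, NtOpenProcess, NtWriteVirtualMemory, NtQueueApcThread) are the keyboard-state, window-hook, screen-capture and injection primitives an anti-keylogger intercepts, which is consistent with the poster's note that Zemana had just been installed. The [EAT:Addr] entries all resolve to C:\Windows\System32\bthprops.cpl, a Windows Bluetooth module. The script below parses those hook lines and groups them by hooking module so that check is mechanical; the sample lines are copied from the post, and the allow-list of expected hookers and the "surveillance syscalls" set are this example's own assumptions, not anything RogueKiller defines.

```python
"""Group the hooks RogueKiller reports by the module that owns them.

Added example; not code from RogueKiller, Adlice, or anyone in the thread.
SAMPLE_LOG is a subset of the lines in the post above.  EXPECTED_HOOKERS is
the analyst's own allow-list for this machine (an assumption of the example):
the anti-logger driver the poster had just installed, and the Bluetooth
module that the EAT entries resolve to.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\[(?P<kind>[A-Za-z]+):Addr\] "               # [SSDT:Addr] / [ShwSSDT:Addr] / [EAT:Addr]
    r"(?:\((?P<proc>[^)]+)\) (?P<dll>\S+) - )?"      # "(explorer.exe) QAgent.dll - " on EAT lines
    r"(?P<func>\w+)(?:\[(?P<idx>\d+)\])?"            # NtCreateFile[66]  or  BluetoothFindFirstDevice
    r" : (?P<module>.+?) @ (?P<addr>0x[0-9a-fA-F]+)$"
)

# Copied from the RogueKiller report in the post (a subset of the 107 lines).
SAMPLE_LOG = r"""
[SSDT:Addr] NtCreateFile[66] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933c99dc
[SSDT:Addr] NtOpenProcess[190] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cc974
[SSDT:Addr] NtWriteVirtualMemory[399] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cfcba
[ShwSSDT:Addr] NtGdiBitBlt[14] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cacd2
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cdfa8
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x933cfb2e
[EAT:Addr] (explorer.exe) QAgent.dll - BluetoothFindFirstDevice : C:\Windows\System32\bthprops.cpl @ 0x6696e9e6
[EAT:Addr] (explorer.exe) QAgent.dll - DllGetClassObject : C:\Windows\System32\bthprops.cpl @ 0x6696b1e8
"""

# Assumption of the example: the modules the analyst expects to see hooking on this box.
EXPECTED_HOOKERS = {"antilog32.sys", "bthprops.cpl"}

# Syscalls that only make sense to intercept if you are watching for keyloggers,
# screen grabbers and injectors.  Assumption of the example, chosen from the
# function names that appear in the log.
SURVEILLANCE_SYSCALLS = {
    "NtUserGetAsyncKeyState", "NtUserGetKeyState", "NtUserSetWindowsHookEx",
    "NtUserRegisterRawInputDevices", "NtGdiBitBlt", "NtGdiStretchBlt",
    "NtWriteVirtualMemory", "NtQueueApcThread", "NtSetContextThread",
}


def parse_hooks(text):
    """Return one dict per hook line; lines that are not hook entries are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hook = m.groupdict()
        # RogueKiller prints a full path; reduce it to the file name for grouping.
        hook["module_name"] = hook["module"].rsplit("\\", 1)[-1].lower()
        hooks.append(hook)
    return hooks


def summarize(hooks):
    """module name -> {hook kind -> count}, e.g. {'antilog32.sys': {'SSDT': 3, 'ShwSSDT': 3}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for h in hooks:
        counts[h["module_name"]][h["kind"]] += 1
    return {mod: dict(kinds) for mod, kinds in counts.items()}


def unexpected_hookers(hooks, expected=EXPECTED_HOOKERS):
    """Modules that own at least one hook and are not on the analyst's allow-list."""
    return {h["module_name"] for h in hooks} - {e.lower() for e in expected}


def surveillance_hooks(hooks):
    """Hooked functions from the surveillance set, grouped by module."""
    by_module = defaultdict(set)
    for h in hooks:
        if h["func"] in SURVEILLANCE_SYSCALLS:
            by_module[h["module_name"]].add(h["func"])
    return dict(by_module)


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for mod, kinds in summarize(hooks).items():
        print(f"{mod}: {kinds}")
    print("unexpected hookers:", unexpected_hookers(hooks) or "none")
    print("surveillance-type hooks:", surveillance_hooks(hooks))
```

The same parser runs unchanged over a full RKreport_SCN_*.log. What deserves a closer look is a module that turns up in unexpected_hookers, or a hook entry whose target has no file path at all, not the raw count of hooks; a security product hooking a hundred syscalls is normal. The grouping is only the first step: before trusting it, a practitioner would still check the hooking driver's Authenticode signature and publisher on the machine itself, which this offline example does not do.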

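The MBR Check block at the end of the log is the part of a RogueKiller scan that matters most for bootkits: it hashes the whole sector ([MBR]), hashes the bootstrap code and recognises it as stock Windows Vista/7/8 MBR code ([BSP]), decodes the partition table, and the "User = LL1 ... OK / LL2 ... OK" lines read as a comparison of the sector obtained through the normal user-mode path against two lower-level reads (my reading of the output; the page does not spell it out), which is where a bootkit filtering disk I/O would show a mismatch. As an added example, not RogueKiller's code, the script below rebuilds that check on a constructed 512-byte sector whose three partition entries are built from the offsets and sizes the log reports for PhysicalDrive0. The bootstrap area is a placeholder, so the hashes will not match the ones in the log, and hashing the first 440 bytes for [BSP] is this example's own assumption about what RogueKiller hashes.

```python
"""MBR table decode and hash, modelled on RogueKiller's "MBR Check" output.

Added example, not RogueKiller's code.  The sector is constructed here so the
script runs offline; its partition entries reproduce the three NTFS partitions
the log reports for PhysicalDrive0.  Hashing bytes 0-439 as the "bootstrap"
range is this example's assumption.
"""
import hashlib
import struct

SECTOR_BYTES = 512
BOOTCODE_LEN = 440       # bytes before the 4-byte disk signature (assumption, see docstring)
TABLE_OFFSET = 446       # four 16-byte partition entries live here, then 0x55AA at 510
TYPE_NAMES = {0x07: "NTFS", 0x0C: "FAT32", 0x05: "Extended", 0x0F: "Extended", 0xEE: "GPT protective"}


def build_entry(active, ptype, lba_start, sectors):
    """Pack one 16-byte MBR partition entry; CHS fields are zeroed (LBA is what matters)."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(entries, bootcode=None):
    """Assemble a 512-byte sector: bootcode, disk signature, reserved word, table, 0x55AA."""
    if bootcode is None:
        bootcode = b"\xEB\xFE" + b"\x90" * (BOOTCODE_LEN - 2)   # placeholder: jmp $ then NOPs
    if len(bootcode) != BOOTCODE_LEN or len(entries) > 4:
        raise ValueError("bootcode must be 440 bytes and the table holds at most 4 entries")
    table = b"".join(entries).ljust(64, b"\0")
    return bootcode + b"\0\0\0\0" + b"\0\0" + table + b"\x55\xAA"


def sectors_to_mb(sectors):
    return sectors * SECTOR_BYTES // (1024 * 1024)


def parse_mbr(sector):
    """Return the two hashes plus the decoded partition table, in RogueKiller's terms."""
    if len(sector) != SECTOR_BYTES or sector[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        flag, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue                                   # empty slot
        partitions.append({"index": i, "active": flag == 0x80, "type": ptype,
                           "offset": lba, "sectors": count, "size_mb": sectors_to_mb(count)})
    return {"mbr_md5": hashlib.md5(sector).hexdigest(),
            "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_layout(partitions):
    """Sanity checks a tampered table fails: overlapping entries or two active flags."""
    issues = []
    ordered = sorted(partitions, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    if sum(p["active"] for p in partitions) > 1:
        issues.append("more than one active partition")
    return issues


def render(parsed):
    """Format the result the way the log shows it."""
    lines = [f"[MBR] {parsed['mbr_md5']}", f"[BSP] {parsed['bootcode_md5']}", "Partition table:"]
    for p in parsed["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        name = TYPE_NAMES.get(p["type"], "Unknown")
        lines.append(f"{p['index']} - [{flag}] {name} (0x{p['type']:02X}) "
                     f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} MB")
    return "\n".join(lines)


# Constructed from the offsets and sizes in the log: 100 MB is 204800 sectors, and so on.
DRIVE0_ENTRIES = [
    build_entry(True,  0x07, 2048,      204800),
    build_entry(False, 0x07, 206848,    156092416),
    build_entry(False, 0x07, 156299264, 820469760),
]

if __name__ == "__main__":
    parsed = parse_mbr(build_mbr(DRIVE0_ENTRIES))
    print(render(parsed))
    print("layout issues:", check_layout(parsed["partitions"]) or "none")
```

Against a live disk the same parse_mbr runs over the 512 bytes read from \\.\PhysicalDrive0; the useful comparison is then the [BSP] hash against a known-good bootstrap hash for the Windows version, and the table against what the OS believes the layout to be, since a bootkit rewrites the code bytes and leaves the table alone.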
TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

Before we begin, I want you to have this in mind:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the attach-files button below. Doing this, you make it easier for me to analyze and fix your problem.



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I noticed you have more than one antivirus installed. Only one is optimal. Choose whether to uninstall Avast or Comodo.



Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST and click Fix. Attach that report to your reply when it is finished.



***** NEXT *****



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on the Run script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

Attachments

  • fixlist.txt
    668 bytes · Views: 82

CapeBuffalo

Level 2
Thread author
Verified
May 12, 2014
59
I use Comodo Internet Security, only the HIPS, Firewall and Sandbox; the scanner is never used :eek:
Also here is the PID of the hidden process:
(screenshot of the hidden process's PID)


OK, since you gave me the zoek tool I have been running it for 2 days straight!!!, and finally it just turned my screen black after CLSID checking.
WTH is this tool? It also made it so I couldn't open even a text document ("resource error"; CPU and RAM were OK so I guess it's the I/O). I'm going to rerun the remaining part in safe mode and give you the other log.
OMG, this is the worst thing I ever ran.

Edit: OK, so I ran the remaining part in safe mode and it finished in a few seconds, so WTH happened? I wasted 2 days of my life :((
Logs attached (2: the first, and the remaining part run in safe mode)
 

Attachments

  • Rkill.txt
    3.5 KB · Views: 63
  • GMER.log
    307.7 KB · Views: 111
  • Fixlog.txt
    2 KB · Views: 103
  • zoek-results2014-05-31-144653.log
    1.8 KB · Views: 64
  • zoek-results.txt
    3.3 KB · Views: 59

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
You should have stopped and told me that Zoek was running for too long.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

CapeBuffalo

Level 2
Thread author
Verified
May 12, 2014
59
You should stop and tell me that Zoek is running too much time.
You know i love you :oops:
After the welcome screen the OS looks like this for 5-10 minutes before it finally loads the desktop, but it's back to normal now.

(screenshot of the desktop at logon)

I post 2 TDSSKiller logs:
- 1 with the default scan you asked for (the smallest one)
- And the other with all options ticked (mainly for the loaded modules option)
 

Attachments

  • TDSSKiller.3.0.0.37_01.06.2014_06.56.52_log.txt
    204.8 KB · Views: 52
  • TDSSKiller.3.0.0.37_01.06.2014_07.11.26_log.txt
    644.4 KB · Views: 62

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I use comodo internet security, only the HIPS , Firewall and Sandbox, the scanner is never used

But we cannot know whether Avast and Comodo fight each other for resources. I need you to completely uninstall one of them and then tell me how the computer is.
 

CapeBuffalo

Level 2
Thread author
Verified
May 12, 2014
59
But we cannot know does Avast and Comodo fight each other for resources. I need you to completely uninstall one of them and then tell me how is computer.
Yeah, the computer is moving normally, but RogueKiller still finds that hidden entry (I only saw that since the Zemana install, as I have run RogueKiller many times).
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
RogueKiller is very aggressive software, and it sometimes kills even legitimate processes. I do not see any sign of malware in the attached reports, so you don't have to worry :)


For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/




The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

CapeBuffalo

Level 2
Thread author
Verified
May 12, 2014
59
RogueKiller is very aggressive software, and it sometimes kills even legitimate processes. I do not see any sign of malware in the attached reports, so you don't have to worry :)
Thanks a lot for your help and patience.
Yeah, I'm pretty paranoid so I run a whole load of different standalone tools (with RogueKiller, AdwCleaner, JRT and TFC as my first-line resource if my antivirus and anti-malware don't pick stuff up).
I have Adblock Plus, Bitdefender TrafficLight, WOT and DoNotTrackMe; I never heard of Unchecky, will test it out.
 
