The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Hidden objects found after comodo cleaner

    Discussion in 'Security and Anti-Virus Software' started by caribbean_spur, Oct 25, 2010.

  1. caribbean_spur

    caribbean_spur Notebook Consultant

    Hi guys,

    I have been trying to make my computer safer. I have been using ad-aware, ccleaner with avira antivir for antivirus. Recently I was told that comodo cleaner was good so I decided to give it a try.

    So I ran their cleaner and the same day, my scheduled scan with antivir ran and it found a bunch of hidden objects. I restored the system to before the comodo clean and the hidden objects disappeared.

    Can someone tell me if the clean from comodo is legit and why I get those hidden objects? Also, if someone uses comodo, what is the red cross next to some of the results after a scan? When I used comodo there were a lot of things to be removed so I am a bit confused.

    Thanks for your help!
     
  2. caribbean_spur

    caribbean_spur Notebook Consultant

    Anyone have an idea?
     
  3. RWUK

    RWUK Notebook Evangelist

    What were the objects? That is the biggest question, nobody can tell you much without knowing that.

    All AV's and scanners can and do occasionally throw up false positives. All these programs though have a quarantine (Comodo should too) which isolates these files from the system so they can't infect or do more damage, and a way to submit them to the product analysts to determine if they really are malware or not.

    Also since you have three scanners as it is, check them against each other. If Comodo detects something, does Avira too? What about Ad-Aware? They may just be tracking cookies which are annoying but rather benign. It'd be wise to set up your internet browser to empty all cookies on exit.

    As for the red Xs, I cannot help there. I have Comodo firewall only, not the suite.
     
  4. Baserk

    Baserk Notebook user

    Hi there,

    Did you use Comodo System Cleaner? (link).
    If so, it's a legit program.
    Just make sure that you download such programs from a reliable source; either from the Comodo site or perhaps a site like Download.com.

    C/p'ed from the linked site;
    '100% Safe Cleaning - Unique 'Registry Protection' and 'Safe Delete' features automatically roll back your system if important files were deleted in error'

    I haven't used the program myself but my guess is, the Comodo program perhaps has made some hidden entries in the registry and that's probably what Avira found.

    About the red X marks, do you mean those as in this pic?

    If so, be careful about deleting registry entries. Double check before deleting them and make sure to back up the registry first.
    Don't take this wrong but if you don't know what those registry entries mean, it's maybe better not to use that specific program feature.
     
  5. caribbean_spur

    caribbean_spur Notebook Consultant

    Thanks for the reply. I am using Comodo system cleaner. So yes, the picture you showed is correct. I know my way around my computer but I am not familiar with the registry so I guess I cannot use comodo.

    Which cleaner would you recommend then?

    And for information, here is my avira report:


    Avira AntiVir Personal
    Report file date: Monday, October 25, 2010 21:53

    Scanning for 2970784 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : SYSTEM


    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, October 25, 2010 21:53

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Environment\licence0
    [NOTE] The registry entry is invisible.
    \\?\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}
    Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\Connection\defaultnameresourceid
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\Connection\defaultnameindex
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\Connection\name
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\iphlpsvc\Parameters\Isatap\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\interfacename
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\iphlpsvc\Parameters\Isatap\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\reusabletype
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\usezerobroadcast
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\enabledeadgwdetect
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\enabledhcp
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\nameserver
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\nameserver
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\registrationenabled
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\registeradaptername
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpipaddress
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpsubnetmask
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpserver
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpserver
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\lease
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\leaseobtainedtime
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\t1
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\t2
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\leaseterminatestime
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\addresstype
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\isservernapaware
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpconnforcebroadcastflag
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpnetworkhint
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpinterfaceoptions
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpgatewayhardware
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpgatewayhardwarecount
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpdefaultgateway
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\dhcpsubnetmaskopt
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\TCPIP6\Parameters\Interfaces\{97160dc6-0e63-4d79-96e7-06fecd8ffe50}\dhcpv6iaid
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\services\TCPIP6\Parameters\Interfaces\{97160dc6-0e63-4d79-96e7-06fecd8ffe50}\dhcpv6state
    [NOTE] The registry entry is invisible.

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '279' files ).



    End of the scan: Monday, October 25, 2010 21:56
    Used time: 02:57 Minute(s)

    The scan has been canceled!

    0 Scanned directories
    3816 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    3816 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    544176 Objects were scanned with rootkit scan
    34 Hidden objects were found
     
  6. caribbean_spur

    caribbean_spur Notebook Consultant

    And this is an image from comodo cleaner (attached)
     


  7. RWUK

    RWUK Notebook Evangelist

    Oooh ok, hidden registry entries. I was thinking files like a dll or an exe.

    All of this stuff is related to internet and network connectivity. DHCP, leases, addresses, v6iaid... these are all normal and safe. Real quick though, you seem rather security minded, you should disable IPv6 in Windows. There are a few registry tweaks to totally seal it off. Simple and safe to do.

    There is one registry entry on your list..

    {97160DC6-0E63-4D79-96E7-06FECD8FFE50}

    which I would say looks suspicious. There are many entries on a system with weird key names like this but what catches my eye is that its location isn't listed. It may be masked, or maybe have a different reason. It should say HKEY_LOCAL_MACHINE/CURRENT_USER, CLASSES_ROOT or a few other possibilities but instead it looks like this

    \\?\Root#*ISATAP#0002#

    ISATAP is something for IPv6 but that its location doesn't show raises my eyebrow. I just tried searching my registry for it but registry search sucks and never actually finds what I'm looking for so nothing came up. Can you quarantine and submit things in the cleaner to Comodo for analysis? I would say it is probably alright but I will leave the decision to delete (but first make a backup of it!) or keep up to you.

    All the other stuff is fine.
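
The grouping done by eye in the reply above can be scripted. The following is an added example, not part of the original thread: it parses an excerpt of the hidden-objects section of the Avira report from post 5 and checks whether the GUIDs in the entry listed without a registry hive also occur in hive-rooted keys of the same report. All function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Excerpt copied from the Avira report in post 5 (one line per registry area).
REPORT_EXCERPT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Environment\licence0
[NOTE] The registry entry is invisible.
\\?\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}
Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\Connection\name
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\iphlpsvc\Parameters\Isatap\{97160DC6-0E63-4D79-96E7-06FECD8FFE50}\interfacename
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\Tcpip\Parameters\Interfaces\{AE331A59-D15E-45B2-B586-01391A7DFB17}\3595C4659454\enabledhcp
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\TCPIP6\Parameters\Interfaces\{97160dc6-0e63-4d79-96e7-06fecd8ffe50}\dhcpv6iaid
[NOTE] The registry entry is invisible.
"""

HIVE_RE = re.compile(r"^HKEY_[A-Z_]+\\")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
COMPONENT_RE = re.compile(r"\\(services|Control)\\([^\\]+)", re.IGNORECASE)
DEVICE_PREFIX = "\\\\?\\"  # the literal \\?\ prefix seen in the report


def parse_hidden_objects(report_text):
    """Return the object paths of the section, one entry per hidden object."""
    objects, pending_device = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[NOTE]"):
            pending_device = None
            continue
        if line.startswith(DEVICE_PREFIX):
            line = line[len(DEVICE_PREFIX):]
            pending_device = line
        elif line == pending_device:
            # The report repeats a device path without its prefix; count it once.
            pending_device = None
            continue
        objects.append(line)
    return objects


def guids_in(path):
    """GUIDs in a path, lower-cased (the report mixes upper and lower case)."""
    return [g.lower() for g in GUID_RE.findall(path)]


def component_of(path):
    """Label a hive-rooted path by its services\\<name> or Control\\<name> part."""
    m = COMPONENT_RE.search(path)
    return f"{m.group(1)}\\{m.group(2)}" if m else "other"


def correlate_unrooted(objects):
    """For each path without a hive, list hive-rooted paths sharing its GUIDs."""
    rooted_by_guid = defaultdict(list)
    for path in objects:
        if HIVE_RE.match(path):
            for guid in guids_in(path):
                rooted_by_guid[guid].append(path)
    return {
        path: {g: rooted_by_guid.get(g, []) for g in guids_in(path)}
        for path in objects if not HIVE_RE.match(path)
    }


if __name__ == "__main__":
    for path, matches in correlate_unrooted(parse_hidden_objects(REPORT_EXCERPT)).items():
        print(path)
        for guid, rooted in matches.items():
            print(f"  {guid}: {sorted({component_of(p) for p in rooted}) or 'no rooted match'}")
```

On this excerpt, the second GUID of the `\\?\Root#*ISATAP#0002#` line also occurs under `Control\Network`, `services\iphlpsvc` and `services\TCPIP6` in the same report, while the first GUID occurs nowhere else in it.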
     
  8. caribbean_spur

    caribbean_spur Notebook Consultant

    Well the problem is, I only get this report from avira AFTER I ran comodo. Before, I only had the first hidden object listed.
    So the \?\Root#*ISATAP#0002# was not present before I ran comodo.

    When I restored the system (ie cancelled comodo actions), my avira report was back to 1 hidden object.

    Did you look at the comodo report in the image I posted?

    Thanks for your help.
     
  9. RWUK

    RWUK Notebook Evangelist

    I did look at the picture above but it only shows the registry report with stuff that is not in the Avira report.

    In the 430 registry entries that Comodo picks out, are any of these the same ones that Avira finds?

    I don't know the reason for Comodo making these entries suddenly detectable by Avira. They all would be there with or without Comodo on the computer. Maybe ask around on the Comodo forums but I can't find anything showing why this occurs. I wouldn't worry about any malware though. I highly doubt that's what is happening here, especially if you downloaded the program directly from Comodo. Sorry I can't help further.
     
  10. caribbean_spur

    caribbean_spur Notebook Consultant

    I am thinking of scanning my computer using a bootable usb so that it is better at detecting rootkits.

    I found a nice guide on how to do that and I know how to boot from the usb key but I am not sure how to integrate the anti-rootkit/spyware I would use. I found the portable applications but how do I install them on the (already) bootable usb key?

    Also, once I boot from the usb will I see the antispyware programs and then just run them?