Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: "High CPU usage by Comodo Dragon"  (Read 2652 times)

0 Members and 1 Guest are viewing this topic.

nomederai

    Topic Starter


    Starter

    • Experience: Familiar
    • OS: Windows 7
    "High CPU usage by Comodo Dragon"
    « on: May 05, 2013, 07:30:29 AM »
    This problem started a few days ago when i noticed my computer which is only a little under a year old started to run very slowly. Before i start with the problem i should say that I'm certainly no computer expert but I've dabbled in programming and maintenance a couple of times. Not quite my forte. Anyway I started to get these notifications from Norton that something called "Comodo Dragon" was using a very high amount of CPU (I don't know what this means but I know it isn't good) and i know for a fact that i never willingly downloaded anything like this. When i look at the detailed report, it brings up information about the file "windows defender" and a lot of information about this file is unavailable. I will copy the report to the clipboard and paste it at the bottom of this post. I'm not sure if this is a legitimate file or not and if it isn't i need to know how to stop it from slowing down my computer so much. I'm not sure what further information needs to be provided but let me know and I'll answer any questions. Thank you in advance!

    Full Path: c:\users\will\appdata\roaming\win defense\windows defender.exe
    ____________________________
    ____________________________
    Developers Not Available
    Version 21.0.2.0
    Identified 4/26/2013 at 11:15:39 PM
    Last Used 5/5/2013 at 9:30:38 AM
    Startup Item No
    ____________________________
    ____________________________
    Unknown
    This program crash history is not known.
    ____________________________
    Few Users
    Fewer than 100 users in the Norton Community have used this file.
    ____________________________
    New
    This file was released  9 days ago.
    ____________________________
    Bad
    There are many indications that this file is untrustworthy.
    ____________________________
    Source File:
    sdx0edjkmining.exe

    File Created:
    windows defender.exe
    ____________________________
    Performance

    Avg. Resource Usage:Moderate
    Avg. CPU Usage:Heavy
    Avg. Memory Usage:Low
    ____________________________
    Performance Alert
    Time:
     5/5/2013 9:30:34 AM

    Process ID 4908
    CPU  100% of at least one CPU.
    Memory  Normal
    Handles Count  Normal
    Disk Read Activity  Normal
    Disk Write Activity  Normal
    ____________________________
    Network
    ProtocolRemote ConnectionPort
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337
    TCP198.199.73.408337

    ____________________________
    File Thumbprint - SHA:
    4bcbc33817de3a4aadd3e1e1fbe076a5d7e1867 dc4c70f2a56998f7c2a9a179e
    ____________________________
    File Thumbprint - MD5:
    318b472961256c712925052bfa52d179
    ____________________________

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Sage
    • Thanked: 855
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: "High CPU usage by Comodo Dragon"
    « Reply #1 on: May 05, 2013, 10:33:43 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

    nomederai

      Topic Starter


      Starter

      • Experience: Familiar
      • OS: Windows 7
      Re: "High CPU usage by Comodo Dragon"
      « Reply #2 on: May 06, 2013, 07:02:08 AM »
      DAYUMMMMMMM! That software not only quarantined disabled and deleted comodo dragon, but about a thousand other files i didn't even know existed (or if i did, i didnt know they were malicious) You sir, are a lifesaver. Here are the logs you requested.
      there were two from adwcleaner so i'll include both

      # AdwCleaner v2.300 - Logfile created 05/05/2013 at 21:41:54
      # Updated 28/04/2013 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Will - STUDIO1
      # Boot Mode : Normal
      # Running from : C:\Users\Will\Downloads\adwcleaner.exe
      # Option [Search]


      ***** [Services] *****

      Found : CltMngSvc
      Found : DefaultTabSearch
      Found : DefaultTabUpdate
      Found : vToolbarUpdater14.2.0
      Found : WajamUpdater

      ***** [Files / Folders] *****

      File Found : C:\END
      File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
      File Found : C:\Users\Steve\AppData\Local\funmoods.crx
      File Found : C:\Users\Steve\AppData\Local\funmoods-speeddial.crx
      File Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
      File Found : C:\Users\Steve\AppData\Local\Temp\Searchqu.ini
      File Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\searchplugins\Conduit.xml
      File Found : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\searchplugins\search-here.xml
      Folder Found : C:\Program Files (x86)\Ask.com
      Folder Found : C:\Program Files (x86)\AVG Secure Search
      Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
      Folder Found : C:\Program Files (x86)\Conduit
      Folder Found : C:\Program Files (x86)\DefaultTab
      Folder Found : C:\Program Files (x86)\Funmoods
      Folder Found : C:\Program Files (x86)\SearchProtect
      Folder Found : C:\Program Files (x86)\Somoto_V.1
      Folder Found : C:\Program Files (x86)\uTorrentControl2
      Folder Found : C:\Program Files (x86)\v-Grabber
      Folder Found : C:\Program Files (x86)\Wajam
      Folder Found : C:\ProgramData\AVG Secure Search
      Folder Found : C:\ProgramData\InstallMate
      Folder Found : C:\ProgramData\Premium
      Folder Found : C:\ProgramData\Tarma Installer
      Folder Found : C:\ProgramData\WeCareReminder
      Folder Found : C:\Users\Lindsey\AppData\Local\AVG Secure Search
      Folder Found : C:\Users\Lindsey\AppData\Local\Giant Savings
      Folder Found : C:\Users\Lindsey\AppData\LocalLow\AskToolbar
      Folder Found : C:\Users\Lindsey\AppData\LocalLow\AVG Secure Search
      Folder Found : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\crossriderapp4479@crossrider.com
      Folder Found : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\crossriderapp4479@crossrider.com
      Folder Found : C:\Users\Steve\AppData\Local\AVG Secure Search
      Folder Found : C:\Users\Steve\AppData\Local\Conduit
      Folder Found : C:\Users\Steve\AppData\Local\Temp\avg@toolbar
      Folder Found : C:\Users\Steve\AppData\Local\Temp\CT3282812
      Folder Found : C:\Users\Steve\AppData\LocalLow\AskToolbar
      Folder Found : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
      Folder Found : C:\Users\Steve\AppData\LocalLow\Conduit
      Folder Found : C:\Users\Steve\AppData\LocalLow\Funmoods
      Folder Found : C:\Users\Steve\AppData\LocalLow\uTorrentControl2
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\crossriderapp4479@crossrider.com
      Folder Found : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\crossriderapp4479@crossrider.com
      Folder Found : C:\Users\Steve\AppData\Roaming\SearchProtect
      Folder Found : C:\Users\Will\AppData\Local\APN
      Folder Found : C:\Users\Will\AppData\Local\AVG Secure Search
      Folder Found : C:\Users\Will\AppData\Local\Wajam
      Folder Found : C:\Users\Will\AppData\LocalLow\AskToolbar
      Folder Found : C:\Users\Will\AppData\LocalLow\AVG Secure Search
      Folder Found : C:\Users\Will\AppData\LocalLow\Conduit
      Folder Found : C:\Users\Will\AppData\LocalLow\PriceGong
      Folder Found : C:\Users\Will\AppData\LocalLow\Somoto_V.1
      Folder Found : C:\Users\Will\AppData\LocalLow\uTorrentControl2
      Folder Found : C:\Users\Will\AppData\Roaming\DefaultTab
      Folder Found : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
      Folder Found : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
      Folder Found : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\jetpack
      Folder Found : C:\Users\Will\AppData\Roaming\SearchProtect
      Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

      ***** [Registry] *****

      Key Found : HKCU\Software\1ClickDownload
      Key Found : HKCU\Software\APN
      Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
      Key Found : HKCU\Software\AppDataLow\Software\Conduit
      Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
      Key Found : HKCU\Software\AppDataLow\Software\Giant Savings
      Key Found : HKCU\Software\AppDataLow\Software\PriceGong
      Key Found : HKCU\Software\AppDataLow\Software\SmartBar
      Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
      Key Found : HKCU\Software\AppDataLow\Toolbar
      Key Found : HKCU\Software\Ask.com
      Key Found : HKCU\Software\AVG Secure Search
      Key Found : HKCU\Software\Default Tab
      Key Found : HKCU\Software\DefaultTab
      Key Found : HKCU\Software\Funmoods
      Key Found : HKCU\Software\InstallCore
      Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
      Key Found : HKCU\Software\Optimizer Pro
      Key Found : HKCU\Software\pc optimizer pro
      Key Found : HKCU\Software\SearchProtect
      Key Found : HKCU\Software\Wajam
      Key Found : HKCU\Software\wecarereminder
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKLM\Software\APN
      Key Found : HKLM\Software\AskToolbar
      Key Found : HKLM\Software\AVG Secure Search
      Key Found : HKLM\Software\AVG Security Toolbar
      Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
      Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
      Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
      Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
      Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
      Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
      Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
      Key Found : HKLM\SOFTWARE\Classes\f
      Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd
      Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
      Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
      Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
      Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
      Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
      Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
      Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
      Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
      Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
      Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
      Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
      Key Found : HKLM\SOFTWARE\Classes\S
      Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
      Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
      Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
      Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
      Key Found : HKLM\Software\Conduit
      Key Found : HKLM\Software\Default Tab
      Key Found : HKLM\Software\DefaultTab
      Key Found : HKLM\Software\Freeze.com
      Key Found : HKLM\Software\Funmoods
      Key Found : HKLM\Software\Iminent
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
      Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B673DD09-E496-4A82-8144-D16AD900B303}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      Key Found : HKLM\Software\SearchProtect
      Key Found : HKLM\Software\Somoto_V.1
      Key Found : HKLM\Software\uTorrentControl2
      Key Found : HKLM\Software\Wajam
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B673DD09-E496-4A82-8144-D16AD900B303}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445579}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446679}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077447779}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
      Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FDE4C2D-6BD4-475F-B166-DA4DF1A0E6F1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71A08CC1-0FF3-4B9E-9020-279DB1716232}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B76BCADD-B7C5-49C2-8A71-424B5C41EE39}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA66EEB0-5B0E-4A1D-AA72-37A05CB43CD6}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Somoto_V.1 Toolbar
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
      Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
      Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
      Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
      Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
      Key Found : HKLM\SOFTWARE\Tarma Installer
      Key Found : HKU\S-1-5-21-3269768414-2105484045-1101214325-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
      Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
      Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
      Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
      Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]
      Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
      Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
      Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
      Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
      Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
      Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
      Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
      Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v10.0.9200.16537

      [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzuzytDtB0BtAyEtBtCzy0F0FtDyByB0AyBtN0D0TzutBtDtCtBtDyCtDzy&cr=1335960002

      -\\ Mozilla Firefox v15.0.1 (en-US)

      File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\prefs.js

      Found : user_pref("CT3282812.FF19Solved", "true");
      Found : user_pref("CT3282812.UserID", "UN25700064971718428");
      Found : user_pref("CT3282812.addressUrlXPETakeover", "true");
      Found : user_pref("CT3282812.autoDisableScopes", -1);
      Found : user_pref("CT3282812.browser.search.defaultthis.en gineName", "true");
      Found : user_pref("CT3282812.defaultSearchXPETakeover", "true");
      Found : user_pref("CT3282812.installDate", "25/3/2013 16:55:43");
      Found : user_pref("CT3282812.installerVersion", "1.3.7.3");
      Found : user_pref("CT3282812.keyword", "true");
      Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
      Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
      Found : user_pref("browser.search.defaultthis.engineName", "Somoto V.1 Customized Web Search");
      Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&CUI[...]
      Found : user_pref("browser.search.selectedEngine", "Somoto V.1 Customized Web Search");
      Found : user_pref("extensions.crossriderapp4479.4479.Insta llationTime", 1342352477);
      Found : user_pref("extensions.crossriderapp4479.4479.activ e", true);
      Found : user_pref("extensions.crossriderapp4479.4479.addre ssbar", "");
      Found : user_pref("extensions.crossriderapp4479.4479.affid", "0");
      Found : user_pref("extensions.crossriderapp4479.4479.backg roundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
      Found : user_pref("extensions.crossriderapp4479.4479.backg roundver", 7);
      Found : user_pref("extensions.crossriderapp4479.4479.can_r un_bg_code", true);
      Found : user_pref("extensions.crossriderapp4479.4479.certd omaininstaller", "");
      Found : user_pref("extensions.crossriderapp4479.4479.chang eprevious", false);
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e.InstallationTime.value", "1342352477");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_aoi.value", "1342352477");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_country_code.expiration", "Mon Nov 26 2012 [...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_country_code.value", "%22US%22");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_crr.value", "1353361370");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_hotfix20111102645.value", "%221%22");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_installer_params.expiration", "Fri Feb 01 2[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_installer_params.value", "%7B%22source_id%2[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_parent_zoneid.value", "%2242874%22");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_product_id.value", "%221242%22");
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
      Found : user_pref("extensions.crossriderapp4479.4479.cooki e._GPL_zoneid.value", "%2256743%22");
      Found : user_pref("extensions.crossriderapp4479.4479.descr iption", "Save big with Giant Savings! Coupons dis[...]
      Found : user_pref("extensions.crossriderapp4479.4479.domai n", "");
      Found : user_pref("extensions.crossriderapp4479.4479.email sig", "");
      Found : user_pref("extensions.crossriderapp4479.4479.enabl esearch", false);
      Found : user_pref("extensions.crossriderapp4479.4479.expos esites", "");
      Found : user_pref("extensions.crossriderapp4479.4479.fbrem oteurl", "");
      Found : user_pref("extensions.crossriderapp4479.4479.group", 0);
      Found : user_pref("extensions.crossriderapp4479.4479.homep age", "");
      Found : user_pref("extensions.crossriderapp4479.4479.ifram e", false);
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_appVer.value", "44");
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_lastVersion.expiration", "Fri Feb [...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_lastVersion.value", "0");
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_meta.value", "%7B%7D");
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_nextCheck.expiration", "Mon Nov 19[...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_nextCheck.value", "true");
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_queue.expiration", "Fri Feb 01 203[...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_queue.value", "%7B%7D");
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_remote_resources.expira tion", "Fri[...]
      Found : user_pref("extensions.crossriderapp4479.4479.inter naldb.Resources_remote_resources.value", "%7B%22re[...]
      Found : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
      Found : user_pref("extensions.crossriderapp4479.4479.manif esturl", "");
      Found : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
      Found : user_pref("extensions.crossriderapp4479.4479.newta b", "");
      Found : user_pref("extensions.crossriderapp4479.4479.opens earch", "");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.code", "appAPI._cr_config={appID:funct[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.name", "base");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1.ver", 3);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.code", "Array.prototype.indexOf|[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.name", "GPL Plugin (Loader)");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000014.ver", 7);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.name", "GPL Background (BG)");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_1000015.ver", 4);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.code", "(function(a){a.selectedText=f[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.name", "CrossriderAppUtils");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_13.ver", 2);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.name", "CrossriderUtils");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_14.ver", 2);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.code", "(function(f){var u={};var e=M[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.name", "FacebookFFIE");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_15.ver", 1);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.code", "if((typeof isBackground===\"u[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.name", "FFAppAPIWrapper");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_16.ver", 4);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.code", "if(typeof window!==\"undefine[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.name", "jQuery");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_17.ver", 3);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.code", "var CrossriderDebugManager=(f[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.name", "debug");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_21.ver", 3);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.code", "(function(a){appAPI.queueMana[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.name", "resources");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_22.ver", 2);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.code", "var CrossriderInitializerPlug[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.name", "initializer");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_28.ver", 2);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.name", "jquery_1_7_1");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_4.ver", 3);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.code", "(function(){appAPI.ready=func[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.name", "resources_background");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns.plugin_47.ver", 1);
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns_lists.plugins_0", "17,14,16,47,1000015");
      Found : user_pref("extensions.crossriderapp4479.4479.plugi ns_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi nsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
      Found : user_pref("extensions.crossriderapp4479.4479.plugi nsversion", 17);
      Found : user_pref("extensions.crossriderapp4479.4479.premi um", true);
      Found : user_pref("extensions.crossriderapp4479.4479.publi sher", "215 Apps");
      Found : user_pref("extensions.crossriderapp4479.4479.searc hstatus", 0);
      Found : user_pref("extensions.crossriderapp4479.4479.setne wtab", false);
      Found : user_pref("extensions.crossriderapp4479.4479.setti ngsurl", "");
      Found : user_pref("extensions.crossriderapp4479.4479.thank you", "");
      Found : user_pref("extensions.crossriderapp4479.4479.updat einterval", 360);
      Found : user_pref("extensions.crossriderapp4479.4479.ver", 44);
      Found : user_pref("extensions.crossriderapp4479.adsOldValu e", -1);
      Found : user_pref("extensions.crossriderapp4479.apps", "4479");
      Found : user_pref("extensions.crossriderapp4479.bic", "1388a714b91baff26e19dba4f2d7cbef");
      Found : user_pref("extensions.crossriderapp4479.cid", 4479);
      Found : user_pref("extensions.crossriderapp4479.firstrun", false);
      Found : user_pref("extensions.crossriderapp4479.hadappinst alled", true);
      Found : user_pref("extensions.crossriderapp4479.installati ondate", 1342352477);
      Found : user_pref("extensions.crossriderapp4479.lastcheck", 22556023);
      Found : user_pref("extensions.crossriderapp4479.lastchecki tem", 22556023);
      Found : user_pref("extensions.crossriderapp4479.misc.lastB gWorkerTimer", "1342352537353");
      Found : user_pref("extensions.crossriderapp4479.misc.lastD omWorkerTimer", "1342352537348");
      Found : user_pref("extensions.crossriderapp4479.modetype", "production");
      Found : user_pref("extensions.enabledAddons", "crossriderapp4479@crossrider.com:0.81.13,{972ce4c6-7e08-4474-[...]
      Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282812&SearchSource=2&CU[...]
      Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
      Found : user_pref("smartbar.originalSearchAddressUrl", "");
      Found : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
      Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&Sea[...]
      Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812[...]
      Found : user_pref("smartbar.originalHomepage", "about:home");

      File : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\prefs.js

      Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
      Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
      Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B905b6589-7f8a-4ead-b280-2b13b4874c42[...]

      File : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\prefs.js

      Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.0.5");
      Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
      Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
      Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B42fdbde1-5c19-41ed-8ba2-363a95283e25[...]

      -\\ Google Chrome v26.0.1410.64

      File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Found [l.797] : homepage = "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN25649028037664866&UM=2",
      Found [l.982] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN25649028037664866&UM=2" ]

      File : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      File : C:\Users\Lindsey\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [44313 octets] - [05/05/2013 21:31:44]
      AdwCleaner[R2].txt - [44311 octets] - [05/05/2013 21:41:54]

      ########## EOF - C:\AdwCleaner[R2].txt - [44372 octets] ##########
      _______________________________________ _____________________________________
      # AdwCleaner v2.300 - Logfile created 05/06/2013 at 09:01:35
      # Updated 28/04/2013 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Will - STUDIO1
      # Boot Mode : Normal
      # Running from : C:\Users\Will\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\END
      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
      File Deleted : C:\Users\Steve\AppData\Local\funmoods.crx
      File Deleted : C:\Users\Steve\AppData\Local\funmoods-speeddial.crx
      File Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
      File Deleted : C:\Users\Steve\AppData\Local\Temp\Searchqu.ini
      File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\searchplugins\Conduit.xml
      File Deleted : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\searchplugins\search-here.xml
      Folder Deleted : C:\Program Files (x86)\Ask.com
      Folder Deleted : C:\Program Files (x86)\AVG Secure Search
      Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
      Folder Deleted : C:\Program Files (x86)\Conduit
      Folder Deleted : C:\Program Files (x86)\DefaultTab
      Folder Deleted : C:\Program Files (x86)\Funmoods
      Folder Deleted : C:\Program Files (x86)\SearchProtect
      Folder Deleted : C:\Program Files (x86)\Somoto_V.1
      Folder Deleted : C:\Program Files (x86)\uTorrentControl2
      Folder Deleted : C:\Program Files (x86)\v-Grabber
      Folder Deleted : C:\Program Files (x86)\Wajam
      Folder Deleted : C:\ProgramData\AVG Secure Search
      Folder Deleted : C:\ProgramData\InstallMate
      Folder Deleted : C:\ProgramData\Premium
      Folder Deleted : C:\ProgramData\Tarma Installer
      Folder Deleted : C:\ProgramData\WeCareReminder
      Folder Deleted : C:\Users\Lindsey\AppData\Local\AVG Secure Search
      Folder Deleted : C:\Users\Lindsey\AppData\Local\Giant Savings
      Folder Deleted : C:\Users\Lindsey\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\Lindsey\AppData\LocalLow\AVG Secure Search
      Folder Deleted : C:\Users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\rah9y96e.default\extensions\crossriderapp4479@crossrider.com
      Folder Deleted : C:\Users\Steve\AppData\Local\AVG Secure Search
      Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
      Folder Deleted : C:\Users\Steve\AppData\Local\Temp\avg@toolbar
      Folder Deleted : C:\Users\Steve\AppData\Local\Temp\CT3282812
      Folder Deleted : C:\Users\Steve\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Secure Search
      Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\Steve\AppData\LocalLow\Funmoods
      Folder Deleted : C:\Users\Steve\AppData\LocalLow\uTorrentControl2
      Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
      Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
      Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
      Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
      Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\tjlhppvk.default\extensions\crossriderapp4479@crossrider.com
      Folder Deleted : C:\Users\Steve\AppData\Roaming\SearchProtect
      Folder Deleted : C:\Users\Will\AppData\Local\APN
      Folder Deleted : C:\Users\Will\AppData\Local\AVG Secure Search
      Folder Deleted : C:\Users\Will\AppData\Local\Wajam
      Folder Deleted : C:\Users\Will\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\Will\AppData\LocalLow\AVG Secure Search
      Folder Deleted : C:\Users\Will\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\Will\AppData\LocalLow\PriceGong
      Folder Deleted : C:\Users\Will\AppData\LocalLow\Somoto_V.1
      Folder Deleted : C:\Users\Will\AppData\LocalLow\uTorrentControl2
      Folder Deleted : C:\Users\Will\AppData\Roaming\DefaultTab
      Folder Deleted : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
      Folder Deleted : C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
      Folder Deleted : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yfujs3sr.default\jetpack
      Folder Deleted : C:\Users\Will\AppData\Roaming\SearchProtect
      Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

      ***** [Registry] *****

      Key Deleted : HKCU\Software\1ClickDownload
      Key Deleted : HKCU\Software\APN
      Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
      Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
      Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
      Key Deleted : HKCU\Software\AppDataLow\Toolbar
      Key Deleted : HKCU\Software\Ask.com
      Key Deleted : HKCU\Software\AVG Secure Search
      Key Deleted : HKCU\Software\Default Tab
      Key Deleted : HKCU\Software\DefaultTab
      Key Deleted : HKCU\Software\Funmoods
      Key Deleted : HKCU\Software\InstallCore
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
      Key Deleted : HKCU\Software\Optimizer Pro
      Key Deleted : HKCU\Software\pc optimizer pro
      Key Deleted : HKCU\Software\SearchProtect
      Key Deleted : HKCU\Software\Wajam
      Key Deleted : HKCU\Software\wecarereminder
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\Software\APN
      Key Deleted : HKLM\Software\AskToolbar
      Key Deleted : HKLM\Software\AVG Secure Search
      Key Deleted : HKLM\Software\AVG Security Toolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
      Key Deleted : HKLM\SOFTWARE\Classes\f
      Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
      Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
      Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
      Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
      Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
      Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
      Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
      Key Deleted : HKLM\SOFTWARE\Classes\S
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\Default Tab
      Key Deleted : HKLM\Software\DefaultTab
      Key Deleted : HKLM\Software\Freeze.com
      Key Deleted : HKLM\Software\Funmoods
      Key Deleted : HKLM\Software\Iminent
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B673DD09-E496-4A82-8144-D16AD900B303}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Sage
      • Thanked: 855
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: "High CPU usage by Comodo Dragon"
      « Reply #3 on: May 06, 2013, 12:45:23 PM »
      Please run the other two scanners and post the logs.
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

      nomederai

        Topic Starter


        Starter

        • Experience: Familiar
        • OS: Windows 7
        Re: "High CPU usage by Comodo Dragon"
        « Reply #4 on: May 06, 2013, 02:02:58 PM »
        That's strange I couldve sworn i posted those... here you go

        Malwarebytes Anti-Malware (Trial) 1.75.0.1300
        www.malwarebytes.org

        Database version: v2013.05.06.01

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 10.0.9200.16540
        Will :: STUDIO1 [administrator]

        Protection: Enabled

        5/5/2013 9:43:14 PM
        MBAM-log-2013-05-06 (08-46-52).txt

        Scan type: Full scan (C:\|D:\|G:\|)
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 803672
        Time elapsed: 2 hour(s), 3 minute(s),

        Memory Processes Detected: 6
        C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe (Backdoor.Bot) -> 2212 -> No action taken.
        C:\Users\Will\AppData\Roaming\Intel Update Drives\Intel Drivers.exe (Trojan.BitMiner) -> 4000 -> No action taken.
        C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe (Trojan.Dropper.DX) -> 4056 -> No action taken.
        C:\Users\Will\AppData\Local\Temp\SearchFillterHost.exe (Trojan.PasswordStealer.Gen) -> 4632 -> No action taken.
        C:\Users\Will\AppData\Roaming\Win Defense\Windows Defender.exe (Trojan.BitMiner) -> 4908 -> No action taken.
        C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe (Backdoor.Messa) -> 2912 -> No action taken.

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 30
        HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
        HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
        HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
        HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
        HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
        HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
        HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
        HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
        HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
        HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
        HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
        HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
        HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
        HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
        HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
        HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
        HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
        HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
        HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
        HKCR\f (PUP.Funmoods) -> No action taken.
        HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
        HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
        HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> No action taken.
        HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
        HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
        HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
        HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.

        Registry Values Detected: 8
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Backdoor.Bot) -> Data: C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Intel Updates (Trojan.Dropper.DX) -> Data: "C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe" -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ZUGfTIZlRQB (Backdoor.Agent.DC) -> Data: "C:\Users\Will\AppData\Roaming\OHdZ0Qt0w9E\uRr6O1N5BfR.exe" -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinDefenders (Trojan.MSIL) -> Data: "C:\Users\Will\AppData\Roaming\rwSEB3PMn\DxhEet9o9.exe" -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Driver X (Trojan.MSIL) -> Data: "C:\Users\Will\AppData\Roaming\J41uGDd3Xe\Drivers Update.exe" -> No action taken.
        HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
        HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data:  -> No action taken.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe -> No action taken.

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 8
        C:\Users\Will\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> No action taken.

        Files Detected: 96
        C:\Users\Will\AppData\Roaming\Win Defense\Mining.exe (Backdoor.Bot) -> No action taken.
        C:\Users\Will\AppData\Roaming\Intel Update Drives\Intel Drivers.exe (Trojan.BitMiner) -> No action taken.
        C:\Users\Will\AppData\Roaming\zK37dPMF\Driver Updates.exe (Trojan.Dropper.DX) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\SearchFillterHost.exe (Trojan.PasswordStealer.Gen) -> No action taken.
        C:\Users\Will\AppData\Roaming\Win Defense\Windows Defender.exe (Trojan.BitMiner) -> No action taken.
        C:\Users\Will\AppData\Roaming\OHdZ0Qt0w9E\uRr6O1N5BfR.exe (Backdoor.Agent.DC) -> No action taken.
        C:\Users\Will\AppData\Roaming\rwSEB3PMn\DxhEet9o9.exe (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Roaming\J41uGDd3Xe\Drivers Update.exe (Trojan.MSIL) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RCXDDNL.exe (Backdoor.Agent.DC) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R1F03PO\installer.volonet.playbryte-fa.exe (PUP.PlayBryte) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R5MNA8S\Adobe Bridge CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$R5MNA8S\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RR543V5\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\$RECYCLE.BIN\S-1-5-21-3269768414-2105484045-1101214325-1001\$RR543V5\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Superbrothers - Sword & Sworcery EP\TDU500.exe (Packer.ModifiedUPX) -> No action taken.
        C:\Users\Lindsey\Downloads\adobe flash player ie setup.exe (PUP.AdBundle) -> No action taken.
        C:\Users\Lindsey\Lindsey Laptop\Downloads\FLVPlayerSetup.exe (Adware.Installcore) -> No action taken.
        C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KB9J6UU\Final%20Updates[1] (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY6CH3L2\WAN%20Updates[1] (Trojan.Dropper.DX) -> No action taken.
        C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9JJF1T1\WAN%20Updates[1] (Trojan.Dropper.DX) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\26831.exe (Trojan.Dropper.DX) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\83506.exe (Trojan.Dropper.DX) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\89887.exe (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\95923.exe (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Roaming\07XZIJIKXT6Newest Installs.exe (Backdoor.Agent.DC) -> No action taken.
        C:\Users\Will\AppData\Roaming\29IZWDLOSend Out.exe (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Roaming\7JH69HKJLKNewest Installs.exe (Backdoor.Agent.DC) -> No action taken.
        C:\Users\Will\AppData\Roaming\FWJNLQBQH2OVQHNewest Installs.exe (Backdoor.Agent.DC) -> No action taken.
        C:\Users\Will\AppData\Roaming\svchost.exe (Trojan.Agent) -> No action taken.
        C:\Users\Will\AppData\Roaming\THDUBU1W9Send Out.exe (Trojan.MSIL) -> No action taken.
        C:\Users\Will\AppData\Roaming\WSZTC2NFPsvcchost.exe (Backdoor.Bot) -> No action taken.
        C:\Users\Will\AppData\Roaming\PC Protection\PC Protection.exe (Trojan.BCMiner) -> No action taken.
        C:\Users\Will\Downloads\EpicBot.exe (Trojan.PasswordStealer.Gen) -> No action taken.
        C:\Users\Will\Downloads\Photoshop\DLL FILE\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\Users\Will\Downloads\Photoshop\DLL FILE\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
        C:\Users\Steve\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
        C:\Users\Steve\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\WinDefense.exe (Backdoor.Agent) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-10-29-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-14-6.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-15-7.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-20-5.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-21-6.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-30-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2012-12-31-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-01-01-3.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-01-10-5.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-01-20-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-01-23-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-01-30-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-02-11-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-02-14-5.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-02-27-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-03-04-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-03-13-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-03-21-5.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-04-07-1.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-04-10-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-04-13-7.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-04-22-2.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-04-24-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\dclogs\2013-05-01-4.dc (Stolen.Data) -> No action taken.
        C:\Users\Will\AppData\Roaming\Keylogger (Stolen.Data) -> No action taken.
        C:\Users\Will\Templates\InteliTrace.exe (Backdoor.Agent.DC) -> No action taken.
        C:\Users\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken.
        C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken.
        C:\Users\Will\AppData\Local\Temp\cc.vbs (Trojan.Agent.VBS) -> No action taken.
        C:\Users\Will\AppData\Roaming\5N1NFAMKS8.exe (Backdoor.Messa) -> No action taken.
        C:\Users\Will\AppData\Roaming\Microsoft\Windows\Templates\InteliTrace.exe (Backdoor.Messa) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> No action taken.
        C:\Users\Steve\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> No action taken.
        C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> No action taken.

        (end)

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Junkware Removal Tool (JRT) by Thisisu
        Version: 4.9.3 (04.29.2013:2)
        OS: Windows 7 Home Premium x64
        Ran by Will on Mon 05/06/2013 at  9:12:13.31
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




        ~~~ Services



        ~~~ Registry Values

        Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3269768414-2105484045-1101214325-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
        Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
        Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



        ~~~ Registry Keys

        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{352D5E23-01F9-4282-BC7C-EE0255E32825}
        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C34D783B-EA43-4057-868A-37FC87374406}
        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D4871E0B-C3B2-4883-AB8D-235BC18B206B}
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{352D5E23-01F9-4282-BC7C-EE0255E32825}
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
        Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



        ~~~ Files

        Successfully deleted: [File] C:\eula.1028.txt
        Successfully deleted: [File] C:\eula.1031.txt
        Successfully deleted: [File] C:\eula.1033.txt
        Successfully deleted: [File] C:\eula.1036.txt
        Successfully deleted: [File] C:\eula.1040.txt
        Successfully deleted: [File] C:\eula.1041.txt
        Successfully deleted: [File] C:\eula.1042.txt
        Successfully deleted: [File] C:\eula.2052.txt
        Successfully deleted: [File] C:\install.res.1028.dll
        Successfully deleted: [File] C:\install.res.1031.dll
        Successfully deleted: [File] C:\install.res.1033.dll
        Successfully deleted: [File] C:\install.res.1036.dll
        Successfully deleted: [File] C:\install.res.1040.dll
        Successfully deleted: [File] C:\install.res.1041.dll
        Successfully deleted: [File] C:\install.res.1042.dll
        Successfully deleted: [File] C:\install.res.2052.dll
        Successfully deleted: [File] C:\install.res.3082.dll
        Successfully deleted: [File] "C:\windows\couponprinter.ocx"



        ~~~ Folders

        Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
        Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



        ~~~ FireFox

        Successfully deleted: [File] C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\searchplugins\my-homepage.xml
        Successfully deleted the following from C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\prefs.js

        user_pref("extensions.crossrider.bic", "1386422094dc5c2a305b51a8a7770702");
        Emptied folder: C:\Users\Will\AppData\Roaming\mozilla\firefox\profiles\yfujs3sr.default\minidumps [39 files]



        ~~~ Chrome

        Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm



        ~~~ Event Viewer Logs were cleared





        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Scan was completed on Mon 05/06/2013 at  9:17:23.70
        End of JRT log
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Sage
        • Thanked: 855
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: "High CPU usage by Comodo Dragon"
        « Reply #5 on: May 06, 2013, 03:40:15 PM »
        Please run MBAM again and "Remove the infections". That should clear up a lot of your problems.

        Download Combofix from any of the links below, and save it to your DESKTOP
        If your version of Windows defaults to you download folder you will need to copy it to your desktop.

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

        It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

        harry045



          Newbie

          • Experience: Beginner
          • OS: Windows 7
          Re: "High CPU usage by Comodo Dragon"
          « Reply #6 on: May 13, 2013, 12:47:14 AM »
          Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. Superdave.
          « Last Edit: May 13, 2013, 04:04:17 PM by SuperDave »
          www.internetisfun.com   
          Amazing Pictures   Amazing Pictures
          Amazing Photos   Amazing Photos