CloseProcesses:
cmd: tskill omgolld.exe /A
cmd: tskill dllhost.exe /A
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Run: [uywtdidl] => regsvr32.exe /s "C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}\uywtdidl.dll" <===== ATTENTION
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...\MountPoints2: {476004d4-edba-11e1-a566-446d5756518c} - K:\LaunchU3.exe -a
HKU\S-1-5-21-872580572-3677183479-2035353063-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
FF Extension: vShare - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fpd5yyrg.default\Extensions\vshareus@toolbar [2010-12-13]
2014-11-11 17:48 - 2014-11-11 17:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D4120177-A982-4288-BF2E-A5B00808978A}
2014-11-10 18:05 - 2014-11-10 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3F658E4D-1485-4ABE-AE76-729E34E274D5}
2014-11-09 11:43 - 2014-11-09 11:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\{97691D80-D897-446F-BFFA-4EFA1D65BFAF}
2014-11-08 21:54 - 2014-11-08 21:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E198A45A-786E-455B-9F73-EEBE9DB6B089}
2014-11-07 11:33 - 2014-11-07 11:33 - 00000000 ____D () C:\Users\Kim\AppData\Local\{2141A49A-9E35-47A1-851E-1733BD58F51E}
2014-11-05 22:28 - 2014-11-05 22:28 - 00003860 _____ () C:\Windows\System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17}
2014-11-05 22:28 - 2014-11-05 22:28 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 _____ () C:\Windows\system32\jghzak.dll
2014-11-05 21:31 - 2014-11-05 21:32 - 00000000 ____D () C:\Users\Kim\AppData\Local\{A01BAF2A-0C15-49E7-B92A-D78AACB8BB09}
2014-11-04 12:14 - 2014-11-04 12:15 - 00000000 ____D () C:\Users\Kim\AppData\Local\{CEA1D549-A593-47C5-9B84-EBD6E1AE95E8}
2014-11-03 22:13 - 2014-11-03 22:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0D834D86-506F-40F9-A26D-4FCEFB3BD44E}
2014-11-02 12:23 - 2014-11-02 12:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{5CC63EA1-E6CB-4B2D-B6D5-AF7B8833D5A9}
2014-11-01 11:38 - 2014-11-01 11:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{E0654785-8AB6-406A-985E-DA374895341A}
2014-11-01 11:21 - 2014-11-01 11:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4770C446-96A2-44D5-BC8A-555679F6E610}
2014-10-29 18:33 - 2014-10-29 18:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4B351570-AB27-4E32-AB1D-79B659FB0923}
2014-10-29 17:51 - 2014-10-29 17:51 - 00000000 ____D () C:\Users\Kim\AppData\Local\{5DDDA557-C6BA-4D2F-B59D-31515A88F6F8}
2014-10-28 16:52 - 2014-10-28 16:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D592530-9D83-41E8-BCC3-69DB573A9E90}
2014-10-27 19:56 - 2014-10-27 19:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9462FF60-37FC-44C5-B5F3-C5BBBC76BBDA}
2014-10-26 20:58 - 2014-10-26 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0ECC6AB-7D37-4498-BEFC-1EE8F063D99B}
2014-10-26 08:57 - 2014-10-26 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{077422B7-99C9-4A3D-829D-61DE8AB60277}
2014-10-25 17:53 - 2014-10-25 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{378B1B26-F0AF-4482-8DDC-978BC0E4E524}
2014-10-19 08:50 - 2014-10-19 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\{985D561A-22E5-4E92-9C64-C4FF6906FAFB}
2014-10-15 06:33 - 2014-10-15 06:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FAC51A51-AF27-4D65-B0D2-4F57A6949055}
2014-10-14 11:24 - 2014-10-14 11:24 - 00000000 ____D () C:\Users\Kim\AppData\Local\{C2918F44-E485-4C66-AF1A-7A87F917F8C2}
2014-10-13 12:38 - 2014-10-13 12:38 - 00000000 ____D () C:\Users\Kim\AppData\Local\{9D184A2D-6CDB-419F-8821-36D498BF925C}
CustomCLSID: HKU\S-1-5-21-872580572-3677183479-2035353063-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {55267EC8-D097-4175-BB7E-17CDCA123D07} - System32\Tasks\{1AD2BFBF-4FBB-FFAB-4DDF-B54DB4BB2C17} => C:\Windows\system32\xkrcuql.dll/s "C:\Windows\system32\xkrcuql.dll"
C:\Users\Owner\AppData\Local\{80BD9E64-9F07-4A15-A9C9-BC0493984335}
C:\Users\Owner\AppData\LocalLow\Zenfolio
cmd: type C:\Users\Owner\Desktop\AdwCleaner[S1].txt
cmd: type C:\Users\Administrator\Desktop\AdwCleaner[S0].txt
cmd: type C:\Users\Owner\Desktop\11122014_084827.log
EmptyTemp: