CloseProcesses:
cmd: tskill dllhost.exe /A
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3983877291-739015982-1896218759-1383\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3983877291-739015982-1896218759-1383\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-11-12 08:05 - 2014-11-12 08:05 - 00003074 _____ () C:\Windows\System32\Tasks\{8A6E51D7-7021-4317-A579-62ED166432C7}
2014-11-11 17:37 - 2014-11-12 16:24 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-11 17:37 - 2014-11-12 16:24 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-11 17:36 - 2014-11-11 17:36 - 00000448 ____H () C:\Users\smitchell\AppData\Roaming\麽鎒駓覜
2014-11-05 19:32 - 2014-11-05 19:32 - 00071168 _____ () C:\Windows\system32\ktqop.dll
2014-11-05 19:32 - 2014-11-05 19:32 - 00003856 _____ () C:\Windows\System32\Tasks\{ECA05FA2-98BB-4CF5-AA5D-56FF06BF7E5C}
2014-11-05 19:32 - 2014-11-05 19:32 - 00000000 _____ () C:\Windows\system32\znnwta.dll
Task: {46909233-526B-4391-9047-346B6502A199} - System32\Tasks\{AA88674B-CE3E-4C9F-9819-A0D58FA1779C} => F:\setup.exe
Task: {64631B93-743D-4F02-9753-FFC95D84D5BC} - System32\Tasks\{ED973462-20C4-4905-A3CF-770938312A4B} => F:\setup.exe
Task: {79E62E52-FC47-4C27-9436-B922651E66F6} - System32\Tasks\{AC051604-2288-4A79-88BB-D0DF6CD172C0} => F:\setup.exe
Task: {7EB4E208-7686-44E7-9EA3-E4F854C25E34} - System32\Tasks\{3CC3633A-FD2A-40D3-A8ED-A952FF23578C} => F:\setup.exe
Task: {81053694-E3FD-413F-8ABA-B4D3AF07AF9A} - System32\Tasks\{ECA05FA2-98BB-4CF5-AA5D-56FF06BF7E5C} => C:\Windows\system32\ktqop.dll [2014-11-05] ()
EmptyTemp: