Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by pcrow at 2014-11-20 17:47:55 Run:1
Running from C:\Users\pcrow\Desktop
Loaded Profile: pcrow (Available profiles: pcrow)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [Yftlvkwxrffc] => regsvr32.exe /s "C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll" <===== ATTENTION
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\Run: [GoogleUpdate] => C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [20747520 2014-11-14] ()
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...\MountPoints2: {45092f40-94ac-11e2-be69-806e6f6e6963} - "E:\Installer.exe"
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\pcrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winup.lnk
ShortcutTarget: winup.lnk -> C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe ()
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> DefaultScope {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
SearchScopes: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001 -> {890DD081-0B40-4192-8A6F-F4AC250895BE} URL =
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-02]
2014-11-14 17:24 - 2014-11-19 17:20 - 00000000 _____ () C:\ProgramData\@system.temp
2014-11-14 17:24 - 2014-11-15 13:25 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-14 17:24 - 2014-11-14 17:24 - 00000480 ____H () C:\Users\pcrow\AppData\Roaming\麽鎒駓覜
2014-11-14 17:24 - 2014-11-14 17:24 - 00000000 ____D () C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7
2014-11-14 17:23 - 2014-11-14 17:23 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-4001245620-4163921732-3684489738-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll
C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf
C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully.
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yftlvkwxrffc => value deleted successfully.
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate => value deleted successfully.
"HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45092f40-94ac-11e2-be69-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{45092f40-94ac-11e2-be69-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully.
C:\Users\pcrow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winup.lnk => Moved successfully.
C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe => Moved successfully.
HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4001245620-4163921732-3684489738-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{890DD081-0B40-4192-8A6F-F4AC250895BE}" => Key deleted successfully.
"HKCR\CLSID\{890DD081-0B40-4192-8A6F-F4AC250895BE}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\pcrow\AppData\Roaming\麽鎒駓覜 => Moved successfully.

"C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7" directory move:

Could not move "C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe" => Scheduled to move on reboot.
Could not move "C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7" directory. => Scheduled to move on reboot.

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
"HKU\S-1-5-21-4001245620-4163921732-3684489738-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Users\pcrow\AppData\Local\Microsoft\Yftlvkwxrffc.dll => Moved successfully.
"C:\Users\pcrow\AppData\Roaming\Adobe\winup.exe" => File/Directory not found.

"C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf" directory move:

C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Eeinebenqd => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Gsisjvl => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Riurudp => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Spqjxkqpefv => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Ylocmzw => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\srecvgrasuy\Fukrtxzwg.js => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\srecvgrasuy\manifest.json => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\debug.log => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\eozdxlivfin.exe => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\36.0.1985.143.manifest => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome_200_percent.pak => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome_child.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome_elf.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\d3dcompiler_43.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\d3dcompiler_46.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\delegate_execute.exe => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\ffmpegsumo.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\icudtl.dat" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\libegl.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\libexif.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\libglesv2.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\libpeerconnection.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\metro_driver.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\nacl64.exe => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\nacl_irt_x86_32.nexe => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\nacl_irt_x86_64.nexe => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\pdf.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\resources.pak" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\secondarytile.png => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\widevinecdmadapter.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\xinput1_3.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\VisualElements\logo.png => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\VisualElements\smalllogo.png => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\VisualElements\splash-620x300.png => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\PepperFlash\manifest.json => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\Locales\en-GB.pak => Moved successfully.
Could not move "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\Locales\en-US.pak" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\Extensions\external_extensions.json => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\docs.crx => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\drive.crx => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\external_extensions.json => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\gmail.crx => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\search.crx => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\default_apps\youtube.crx => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Drhcibkgqyt\Hmslgdkvzfo.js => Moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\Drhcibkgqyt\manifest.json => Moved successfully.
Could not move "C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf" directory. => Scheduled to move on reboot.

"C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7" directory move:

Could not move "C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe" => Scheduled to move on reboot.
Could not move "C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7" directory. => Scheduled to move on reboot.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {011ED124-30BF-4D6E-B80C-280791DD97C0}.
Unable to cancel {B5A496B1-FB25-4AF8-A986-019850C42401}.
Unable to cancel {550591BD-6DEB-487E-B93C-1391469185CB}.
Unable to cancel {F4BACFAC-8B4B-4D38-A762-B7023AFA1FDE}.
Unable to cancel {FF29BACD-9250-4B27-BB64-57DE81EA837A}.
Unable to cancel {12D42D90-B277-43F6-9EEA-15CF95E0A4CC}.
Unable to cancel {66D09415-6AE4-418C-B6DE-9BAE008984DD}.
Unable to cancel {E498E12C-CC07-40B7-B51B-F8E2F0E9E133}.
Unable to cancel {3B74CD20-F6AD-4F9B-9A98-AFD237EA627D}.
Unable to cancel {64D3F2D0-97B5-4404-ABBE-EF71395A5C23}.
Unable to cancel {C8234AFC-E407-4C18-AEB6-3BFE5C7B10F7}.
Unable to cancel {04D4ECB1-47EB-42A8-8E13-75CFE7C383F9}.
Unable to cancel {DBB46D28-E6C1-40DC-A035-FBF2D7E84B69}.
Unable to cancel {E3E0F681-B67C-4B41-A7E8-9B47A9085EA7}.
Unable to cancel {0648EA9B-6D1B-4FEF-BD52-3043CE910135}.
Unable to cancel {99738ACC-F224-4235-A1AB-F1F8DD034391}.
Unable to cancel {A1CDA243-4EEF-4EED-81CD-A8B65EA9E29C}.
Unable to cancel {4C176914-6C3B-4EEF-8BF9-2A7FEDDBB112}.
Unable to cancel {486740DD-EAA7-4238-ADAF-5AF967FE34C0}.
Unable to cancel {F2E08FD7-84A9-46E8-96C7-70277CB450E7}.
{46556D60-FA00-4B18-8254-119C7ACE02C9} canceled.
{77241CA3-AD57-4DA8-86A7-2845F444A08B} canceled.
{36E5B179-0B17-47C1-80D8-D853FBFEF941} canceled.
{6BFDDD48-8400-4EA8-9D38-C4D727943A8C} canceled.
{F377EFB3-D727-457B-BEA6-3E69D981B5EC} canceled.
{2646F32E-3588-4D4B-839A-5829C7D3D1CA} canceled.
{730CF6C4-422E-4E1A-A2B6-FB0E9F57D41F} canceled.
{AEAF3A21-3361-43FC-8935-A1D5599057F6} canceled.
8 out of 28 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.5 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-20 17:56:59)<=

C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe => Is moved successfully.
C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7 => Is moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\chrome_100_percent.pak => Is moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\icudtl.dat => Is moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\resources.pak => Is moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf\hjhfeqjmcs\36.0.1985.143\Locales\en-US.pak => Is moved successfully.
C:\ProgramData\Microsoft\PlayReady\Fgadlgfzxf => Is moved successfully.
C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe => Is moved successfully.
C:\Users\pcrow\AppData\Roaming\FrameworkUpdate7 => Is moved successfully.

==== End of Fixlog ====