SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245"
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
S3 dufetyu; \??\C:\WINDOWS\system32\dufetyu.sys [X]
CustomCLSID: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\amd\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\amd\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\amd\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~2\TOTALV~1\TVCSHE~2.DLL -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:E0EFB096 [141]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: