start 
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
2016-04-08 11:42 - 2016-04-08 11:42 - 00023108 _____ C:\WINDOWS\system32\emptyregdb.dat
Task: {B6469584-BC2B-4998-9C5D-83B9DECA4B11} - System32\Tasks\{FC781EAA-AA63-4DD7-93EE-A13E818E533D} => pcalua.exe -a C:\Users\natha\Desktop\FxRajump.exe -d C:\Users\natha\Desktop


EmptyTemp:
end