Start::
SystemRestore: on
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
ShortcutWithArgument: C:\Users\xav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Move Your Sub.com.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ikicoaebpbaljffokijeadepdckjiaal
HKU\S-1-5-21-4198092444-1068901214-1710953190-1002\...\StartupApproved\Run: => "cacaoweb"
HKU\S-1-5-21-4198092444-1068901214-1710953190-1002\...\StartupApproved\Run: => "Chromium"
DeleteKey: HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
DeleteKey: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
DeleteKey: HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
DeleteKey: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
cmd: schtasks /Delete /TN "DropboxUpdateTaskMachineCore" /f
cmd: schtasks /Delete /TN "Adobe Flash Player PPAPI Notifier" /f
DeleteKey: HKLM-x32\...\Run|
C:\Users\xav\AppData\Roaming\uTorrent
C:\Users\xav\AppData\LocalLow\uTorrent
C:\Users\xav\AppData\Local\chromium
C:\Program Files (x86)\Chromium
C:\Users\xav\AppData\Roaming\Azureus
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp: 
End::