CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1565345802-2626393524-727123170-1001\...\Run: [Owamjpbfqamvliz] => C:\Users\Robert\AppData\Roaming\2plzWi\isoburn.exe [118784 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Owamjpbfqamvliz.lnk [2017-12-19]
ShortcutTarget: Owamjpbfqamvliz.lnk -> C:\Users\Robert\AppData\Roaming\2plzWi\isoburn.exe (Microsoft Corporation)
2017-12-19 12:32 - 2017-12-19 12:32 - 000000000 ____D C:\Users\Robert\AppData\Roaming\2plzWi
2017-12-15 16:11 - 2017-12-18 13:11 - 000000000 ____D C:\Users\Robert\AppData\Roaming\C0Kwe
CustomCLSID: HKU\S-1-5-21-1565345802-2626393524-727123170-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0B87E6F07E0D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {B048BD37-BEA5-457E-BF4A-BB2861ECECB6} - no filepath
2017-12-19 12:32 - 2017-12-19 12:32 - 000000000 ____D C:\Users\Robert\AppData\Roaming\2plzWi
2017-12-11 17:11 - 2017-12-11 17:11 - 000000000 ____D C:\WINDOWS\system32\6978
2017-12-11 16:38 - 2017-12-11 17:11 - 000003568 _____ C:\WINDOWS\System32\Tasks\Nxlvlov
Task: {95FDB844-3333-4CF4-962F-E1BBBD2475CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts: