CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=GB&unqvl=90
HKU\S-1-5-21-2478687358-2742622356-1538513735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hot...&cc=gb&unqvl=90
URLSearchHook: HKU\S-1-5-21-2478687358-2742622356-1538513735-1000 - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GB&unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GB&unqvl=90
SearchScopes: HKU\S-1-5-21-2478687358-2742622356-1538513735-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hot...&cc=GB&unqvl=90
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKU\S-1-5-21-2478687358-2742622356-1538513735-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (ShopAtHomecom extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp [2015-07-31]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Narcissistic Fear; C:\Users\Home\AppData\Roaming\Narcissistic Fear\Narcissistic Fear.exe [X]
2015-07-31 22:51 - 2015-07-31 22:51 - 00003244 _____ C:\Windows\System32\Tasks\{5C9A3D9E-667D-4A81-B944-E3136DCE118B}
2015-07-31 22:50 - 2015-07-31 22:50 - 00003202 _____ C:\Windows\System32\Tasks\{600FD7AA-D47C-48DD-9947-F9D1DF682576}
2015-07-31 17:59 - 2015-07-31 23:15 - 00000000 ____D C:\Program Files (x86)\ShopAtHomecom extension
2015-07-31 17:58 - 2015-07-31 17:59 - 00000000 ____D C:\ProgramData\9218317531913342215
2015-07-31 17:58 - 2015-07-31 17:58 - 00000000 ____D C:\ProgramData\almpcfmdejnldidkcijijbbcliocamdh
2015-07-31 17:58 - 2015-07-31 17:58 - 00000000 ____D C:\Program Files (x86)\CutThePriCee
2015-07-31 17:57 - 2015-07-31 17:57 - 00000000 ____D C:\Users\Home\AppData\Roaming\Narcissistic Fear
2013-10-19 11:51 - 2013-10-19 11:51 - 50053120 _____ () C:\Program Files (x86)\GUT1536.tmp
Task: {3F74F83A-B88F-4F2D-870B-3717D65FACCA} - System32\Tasks\{600FD7AA-D47C-48DD-9947-F9D1DF682576} => pcalua.exe -a "C:\Program Files (x86)\CutThePrice\7jbcnwJ2DzKPf8.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {8A8E1E30-F2C1-4D56-AA07-0065042F7F12} - System32\Tasks\4574 => Wscript.exe C:\Users\Home\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9D35E543-2B9A-4607-B04F-CD99671D8C22} - System32\Tasks\{5C9A3D9E-667D-4A81-B944-E3136DCE118B} => pcalua.exe -a "C:\Program Files (x86)\ShopAtHomecom extension\ShopAtHomecom extension.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {FA5A894F-DC19-40B8-8CC5-208231B289DF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /f
reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /f
reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
Hosts:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
EmptyTemp: