CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {012034B4-6FD0-4BC5-B827-33AD18B56125} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEyByBtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyEyByEzzzzyCtBtGyDzy0CyCtG0E0A0CzytGyDtD0BtCtG0FtCyByDtD0F0A0Azz0FyE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FzytDzyyD0BtDtGyCtByDtCtGyEtB0FtBtGzz0B0FzztGyByB0D0ByEzztDzztAzzzz0E2QtN0A0LzuyE%26cr%3D89528775%26a%3Dwbf_mdaffmarmar_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByE0AyB0A0B0FyD0B0E0EtN0D0Tzu0StCyEzzyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0CyCyE0AyBtD0CtGyEtB0CtCtG0FtDzy0FtGtByDyBtCtG0B0E0C0BtAyB0Fzy0Ezy0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyBtDzz0D0EyC0AtGtC0D0ByCtGyEtD0FyCtG0Azy0FtCtGzzyDtB0B0EyEyBtCtDtAtC0F2QtN0A0LzuyE%26cr%3D1753751548%26a%3Dwbf_mdaffmarmar_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {772A566A-EA97-48C1-9B89-CC702009959F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
U0 SR; no ImagePath
U2 srservice; no ImagePath
2016-03-27 08:09 - 2016-03-27 08:13 - 00000000 ____D C:\Users\rober\AppData\LocalLow\uTorrent
2016-04-11 15:48 - 2016-03-06 09:38 - 00000000 ____D C:\ProgramData\MySafeSavings
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
FirewallRules: [{B8348B18-1F87-4292-A169-BD9156CC93D8}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{775FAD2A-7A4C-4091-AE8D-A981F3F5CDC1}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BAFB290-A994-4E3F-89C7-20A8E5F167D7}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A480469F-5ADF-4B40-A987-F6F62B26823D}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D53D7405-F5EC-4603-AE91-D173E1076B44}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4CD13D5-5B8A-4419-89CE-8A7400071F88}] => (Allow) C:\Users\knapp_000\AppData\Roaming\uTorrent\uTorrent.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp: