CreateRestorePoint:
Task: {6EE7B04C-350B-4608-BC4E-A60B80BC1693} - System32\Tasks\{6D87EEA5-1509-4B98-A666-FA989574B84C} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {76D3377E-7B04-4FC4-8EAD-045851B5482F} - System32\Tasks\{C7ADE54A-98C4-4561-B488-F4AECB96FC7D} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {AB9B3EB5-4971-4F7A-9C0E-19135FFA8618} - System32\Tasks\{BBE38C98-3012-450E-8C92-66E8326EBD74} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {F6EB4723-55C9-44DE-9544-7C020D42DA2F} - System32\Tasks\{C1C9685A-AA10-481D-A3F6-DD2993E52B97} => pcalua.exe -a "C:\Program Files (x86)\WinZipper\eUninstall.exe" <==== ATTENTION
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Driver Whiz] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
GroupPolicyUsers\S-1-5-21-3839137701-2974941544-2065132041-1007\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> 528CB8441A254254BF9CDE1F824F96E2 URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
BHO: cheAp4alL -> {6157f868-f12f-4ba9-804a-09533fccf080} -> C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.x64.dll [2015-04-15] ()
BHO: Louwpriocees -> {a1c8fa6f-f886-4e2c-a175-0e59314e7bd1} -> C:\Program Files (x86)\Louwpriocees\q5bxY2zF9OCIQL.x64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1424876756&from=cmi&uid=ST2000DL003-9VT166_6YD18AWHXXXX6YD18AWH"
EmptyTemp: