CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-3776436097-723394573-1936639148-1000 -> DefaultScope {F47323BD-5FF4-45D8-810C-78340460B302} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3776436097-723394573-1936639148-1000 -> {F47323BD-5FF4-45D8-810C-78340460B302} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3776436097-723394573-1936639148-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-02] (Pando Networks)
FF Plugin HKU\S-1-5-21-3776436097-723394573-1936639148-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-02] (Pando Networks)
CHR DefaultSearchURL: Default -> hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=f005ae60000000000000685d43cac930
CHR DefaultSearchKeyword: Default -> delta-search.com
CHR Extension: (Delta Toolbar) - C:\Users\Yardy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-10-01] [UpdateUrl: hxxp://upd.info-stream.net/chromecrx/update.php] <==== ATTENTION
CHR Extension: (WhiteSmoke B) - C:\Users\Yardy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp [2014-04-04] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3279141&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Yardy\AppData\Roaming\BabSolution\CR\Delta.crx [2013-03-03]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Yardy\installer.exe
CustomCLSID: HKU\S-1-5-21-3776436097-723394573-1936639148-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> no filepath
Task: {07FF8D3A-8E77-44E4-AE2D-D865AEDBAB3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {23274179-73C6-4E15-8676-30142A9B5B2C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {43941F34-01E1-4B74-9F58-BCB81987BD80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {54CF9385-5942-4AE9-8435-DC39BDCC68A8} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {566A21AC-54A6-48EC-B86A-908010739AE0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5E7767EC-0BC0-4CA3-B03D-00B5BAD8ACA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {92F92ACC-E5F6-4651-873C-B945563D0268} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BDB30E4B-BC54-4CB2-950C-6D74DF314E53} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C5DC0308-314C-4387-9DE8-100E559F5745} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D8F1802A-55C3-4B62-92CF-60D5130BCFE3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F8C7961D-2BDB-475B-91C0-02F27917B31C} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: