start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?ilc=8
SearchScopes: HKU\S-1-5-21-441084707-1445331647-454265335-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-441084707-1445331647-454265335-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-441084707-1445331647-454265335-1000 -> {C0813A86-08F3-4103-A833-E921735D658B} URL = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-441084707-1445331647-454265335-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
FF ProfilePath: C:\Users\TYBA CAFE\AppData\Roaming\Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277 [2017-05-05]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277 -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277 -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Homepage: Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277 -> hxxps://www.google.com.sa/
FF Keyword.URL: Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277 -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\TYBA CAFE\AppData\Roaming\Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-25]
FF Extension: (Shield Recipe Client) - C:\Users\TYBA CAFE\AppData\Roaming\Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277\features\{955e4f40-5fee-44ae-a5b3-f6a9df727111}\shield-recipe-client@mozilla.org.xpi [2017-05-04]
FF ProfilePath: C:\Users\TYBA CAFE\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\j1c870vd.default [2017-05-05]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\j1c870vd.default -> hxxps://www.google.com.sa/
U3 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end