start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-2465256179-1618623775-1583742719-1000\...\MountPoints2: {2bfa26cb-1b02-11e7-ae12-005056c00008} - G:\AutoRun.exe
HKU\S-1-5-21-2465256179-1618623775-1583742719-1000\...\MountPoints2: {5cc1552d-0ac3-11e7-be2f-806e6f6e6963} - G:\autorun.exe
HKU\S-1-5-21-2465256179-1618623775-1583742719-1000\...\MountPoints2: {bf67ea72-17d6-11e7-9c7c-005056c00008} - G:\AutoRun.exe
HKU\S-1-5-21-2465256179-1618623775-1583742719-1000\...\MountPoints2: {bf67ea85-17d6-11e7-9c7c-005056c00008} - G:\AutoRun.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FF DefaultProfile: 91b6kcxx.default
FF DefaultProfile: 3ooqrun8.default
FF ProfilePath: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default [2017-05-05]
FF Extension: (Firefox All Aboard 1.6) - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default\Extensions\@all-aboard-v1-6 [2017-03-07]
FF Extension: (To Google Translate) - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2017-04-29]
FF Extension: (ImTranslator) - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2017-04-30]
FF Extension: (Adblock Plus) - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-15]
FF Extension: (Shield Recipe Client) - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\91b6kcxx.default\features\{0da16ea8-f9af-4644-b135-19cfef54dbb5}\shield-recipe-client@mozilla.org.xpi [2017-05-03]
FF ProfilePath: C:\Users\Don\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\3ooqrun8.default [2017-05-05]
FF Homepage: 8pecxstudios\Cyberfox\Profiles\3ooqrun8.default -> www.youtube.com
FF Extension: (Adblock Plus) - C:\Users\Don\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\3ooqrun8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-15]
FF Extension: (CyberCTR) - C:\Program Files\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi [2017-02-11] [not signed]
FF HKU\S-1-5-21-2465256179-1618623775-1583742719-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-04-25]
FF Plugin HKU\S-1-5-21-2465256179-1618623775-1583742719-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Don\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end