CloseProcesses:
CreateRestorePoint:
EmptyTemp:
Tcpip\..\Interfaces\{1CC5B3A0-B268-4D2C-8C38-1677026E66F9}: [DhcpNameServer] 83.222.133.152 83.222.133.150 83.222.133.151
Tcpip\..\Interfaces\{B7FAD5FE-6458-4B18-8939-A90656E0DE6E}: [DhcpNameServer] 172.168.130.2
Tcpip\..\Interfaces\{F26D9245-902C-492D-AB64-E7F09CEEB92F}: [DhcpNameServer] 8.8.8.8 8.8.4.4
HKU\S-1-5-21-3728662754-2303792895-3717455824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ch.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_kmpswt_17_05&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dch%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzy0EyEyEyEzzyE0ByCzyzytN0D0Tzu0StCzzyDzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyDyDtByBzz0A0D0AtGtB0CzyzytG0BtB0AyDtGyC0DyByBtGtDzzyCtCyDyC0ByD0BtC0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByBzzzz0AtD0AtG0B0EzzzztGyE0FyD0CtG0B0C0AyCtGzzzzyByB0AtDtCtCyBtC0CtD2QtN0A0LzuyE%26cr%3D525671438%26a%3Dwnf_kmpswt_17_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3728662754-2303792895-3717455824-1001 -> DefaultScope {DE3C349A-AC93-4AA0-8E60-7E41ECA037C3} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_kmpswt_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzy0EyEyEyEzzyE0ByCzyzytN0D0Tzu0StCzzyDzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyDyDtByBzz0A0D0AtGtB0CzyzytG0BtB0AyDtGyC0DyByBtGtDzzyCtCyDyC0ByD0BtC0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByBzzzz0AtD0AtG0B0EzzzztGyE0FyD0CtG0B0C0AyCtGzzzzyByB0AtDtCtCyBtC0CtD2QtN0A0LzuyE%26cr%3D525671438%26a%3Dwnf_kmpswt_17_05%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3728662754-2303792895-3717455824-1001 -> {DE3C349A-AC93-4AA0-8E60-7E41ECA037C3} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_kmpswt_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzy0EyEyEyEzzyE0ByCzyzytN0D0Tzu0StCzzyDzztN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyDyDtByBzz0A0D0AtGtB0CzyzytG0BtB0AyDtGyC0DyByBtGtDzzyCtCyDyC0ByD0BtC0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByBzzzz0AtD0AtG0B0EzzzztGyE0FyD0CtG0B0C0AyCtGzzzzyByB0AtDtCtCyBtC0CtD2QtN0A0LzuyE%26cr%3D525671438%26a%3Dwnf_kmpswt_17_05%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtByB0EyCzz0D0Bzzzy0AtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0ByDyE0DtByBtGyC0FtC0DtG0D0E0BzztGtD0AtC0AtGyB0EyCyBtBtC0B0CtA0E0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCyEyC0B0EyEtCtG0Fzz0D0AtGyEyByB0CtGzy0D0D0FtG0EyCtBtDyEyDtD0AtA0CtC0F2Q&cr=60077757&ir=","hxxp://astromenda.com/?f=7&a=ast_ir_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtByB0EyCzz0D0Bzzzy0AtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0ByDyE0DtByBtGyC0FtC0DtG0D0E0BzztGtD0AtC0AtGyB0EyCyBtBtC0B0CtA0E0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCyEyC0B0EyEtCtG0Fzz0D0AtGyEyByB0CtGzy0D0D0FtG0EyCtBtDyEyDtD0AtA0CtC0F2Q&cr=60077757&uref=308&ir=","hxxp://www.dregol.com/?f=7&a=drg_ir_15_29&cd=2XzuyEtN2Y1L1Qzu0DtDyDtAyEzy0EyEyEyEzzyE0ByCzyzytN0D0Tzu0StCtBzytDtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtDyCyBtDtD0CtGyD0Fzz0BtGyCtDyEtCtGtCyB0AtCtG0DtDtCtByB0EtD0A0D0CyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0DtA0CtByC0EtGtDtCtAtBtGyE0C0D0CtGzytD0FzztGtC0C0A0DzyyBzyyBtB0D0DtD2QtN0A0LzuyE&cr=745224234&ir=","hxxps://ch.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_15_49_drg_ir_15_29&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dch%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzy0EyEyEyEzzyE0ByCzyzytN0D0Tzu0StCyEtAtCtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2StC0DyBtDzz0EyD0DtGyCyB0AyBtG0E0EyB0DtGyD0D0D0AtG0FtC0D0EyEyE0Fzy0FyByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0DtA0CtByC0EtGtDtCtAtBtGyE0C0D0CtGzytD0FzztGtC0C0A0DzyyBzyyBtB0D0DtD2QtN0A0LzuyE%26cr%3D625381236%26a%3Dhdr_s_15_49_drg_ir_15_29%26os%3DWindows%2B8.1"
CHR HKU\S-1-5-21-3728662754-2303792895-3717455824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [X]
CMD: ipconfig /flushdns
RemoveProxy: