CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> DefaultScope {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {086A4A44-FF44-4451-8103-CEAB832594B6} URL = hxxp://www.bing.com/search?pc=conduit&ptag=A41171EDFAF7747F7B2F&form=CONADR&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {A935D83E-CFFC-11E4-827D-C03FD57E9D21} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV="
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\35AD.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\33D9.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\335B.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\331C.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\329E.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\31A3.tmp
2015-11-18 13:45 - 2015-11-18 13:45 - 00868320 _____ C:\Users\Alan\Downloads\proposal.zip
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Alan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
Task: {FCE61AF5-E7C3-49F6-9897-C3260674B7F9} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: