CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
HKU\S-1-5-21-2089535077-2344924200-3396909226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=13769&guid=%7B2B75120E-CD0D-4B64-A47C-EB95FA9076F0%7D&i=
HKU\S-1-5-21-2089535077-2344924200-3396909226-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=13769&guid={2B75120E-CD0D-4B64-A47C-EB95FA9076F0}&i=
SearchScopes: HKLM -> {2D729514-D958-4181-A440-1015F7E62217} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2089535077-2344924200-3396909226-1001 -> {341F26FB-216A-4EEB-8FF5-70A054CC512D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=13769
SearchScopes: HKU\S-1-5-21-2089535077-2344924200-3396909226-1001 -> {352058B9-7E33-4245-971B-FCBC5EB7A84A} URL = hxxp://search.eshield.com/serp?guid={2B75120E-CD0D-4B64-A47C-EB95FA9076F0}&k={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx"
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2009-02-03 13:21 - 2009-02-03 13:21 - 0239104 _____ (Igor Pavlov) C:\Users\hp\AppData\Roaming\7za.exe
Task: {11ACCBDE-A81B-4522-A1EE-E223E0F7D8C5} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {1AF5E416-E8CF-4643-A5D5-EF3E752A6199} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe C:\Program Files\COMODO
Task: {26DFF6D3-6AF1-46BC-975C-5698B11D67AF} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {2EC30462-4356-4663-8C87-984AC99BF660} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {37AE376F-8C1E-4198-8064-0BE266518C50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-06] (Google Inc.)
Task: {9A9D40C3-23B4-460D-9934-458B61969C46} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D1E265C4-1D93-4170-B6EF-8AD6807D624E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\WINDOWS\system32\amdave64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdgfxinfo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdhcp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdmmcl6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl12cl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_as64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_ld64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdxc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atieah64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODE.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atisamu64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coinst_15.20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DelayAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\detoured.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hsa-thunk64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Netwuw04.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SETBB05.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETD9EA.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETF5AA.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETF689.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdave32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdgfxinfo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmmcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl12cl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdxc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atieah32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atisamu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\detoured.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hsa-thunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDAD6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDBC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETF60.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SETFE3D.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\aoxheyit.sys:changelist [1018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appexDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AtihdWT6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nkhliunn.sys:changelist [1698]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rspLLL64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETF219.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETF559.tmp:$CmdTcID [64]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp: