CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] -
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
Task: {12BBACE1-BF60-4E17-84EE-D1C66B77E7A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43F48598-6B90-4B51-9055-DE0AA287A089} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {458723E2-28EC-4592-B2E6-CCBE7F21D9F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {597016BC-C9C0-4CE1-9258-3AB43B7B4390} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {68444FA3-025E-4119-AD1C-E8D029529F69} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6A69FF7B-618E-478F-B7FF-172C75ABF0B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6DBF2317-7A17-4B9E-BE6B-E85079B052F4} - System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D} => C:\Users\JButler\AppData\Roaming\{2F691~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
Task: {7928B189-420F-4218-8D5C-57EF5698838F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BD791F1A-9F77-4400-8CDA-A1D7E0AA1EA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EDB20B8F-28A4-4472-89E1-33A40F028DCB} - System32\Tasks\Adobe => C:\Users\JButler\AppData\Local\Temp\keye.exe <==== ATTENTION
C:\Users\JButler\AppData\Local\Temp\keye.exe
Task: {F96B678B-B478-4542-8C21-8712EAC66E5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD539FCE-A3F8-4931-97D7-B56BFEB21D5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{34004D00-5100-3800-4500-650042004E00} [192]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{6F004C00-4500-7100-7100-2B0069007500} [664]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: