start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [{64877f72-de04-9081-10f4-87153badbffe}] => "C:\ProgramData\Microsoft\{64877f72-de04-9081-10f4-87153badbffe}\{64877f72-de04-9081-10f4-87153badbffe}.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{64877f72-de04-9081-10f4-87153badbffe}] => "C:\ProgramData\Microsoft\{64877f72-de04-9081-10f4-87153badbffe}\{64877f72-de04-9081-10f4-87153badbffe}.exe" No File
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1006484083-2284930567-1613651267-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1006484083-2284930567-1613651267-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1006484083-2284930567-1613651267-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1006484083-2284930567-1613651267-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {AE986AAE-21E4-49ED-8A99-6C9A7E4FF4D9} URL = http://www.32searche...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1006484083-2284930567-1613651267-1001 -> {0DF0D1B5-CC01-40D9-92DB-F87195908B9E} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1006484083-2284930567-1613651267-1001 -> {AE986AAE-21E4-49ED-8A99-6C9A7E4FF4D9} URL = http://www.32searche...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1006484083-2284930567-1613651267-1001 -> {F8A682B8-7334-4B47-ADEB-6D50F861C632} URL = http://slirsredirect...t=customie10-ie
Hosts:
FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jpwx4lg8.default\searchplugins\web-search.xml
FF Extension: ShopAtHome.com Toolbar - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jpwx4lg8.default\Extensions\toolbar@shopathome.com [2014-05-25]
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\jpwx4lg8.default\user.js
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 cqcpu; system32\drivers\cqcpu.sys [X]
S1 SABKUTIL; \??\C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKSQ3Y69\SASKUTIL.SYS [X]
2015-01-14 20:32 - 2014-12-04 14:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-11 21:21 - 2014-05-29 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-11-12 18:28 - 2014-11-12 18:28 - 0000268 _____ () C:\Users\Pat\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 18:27 - 2014-11-12 18:27 - 0000268 _____ () C:\Users\Pat\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-12 18:24 - 2014-11-12 18:24 - 0000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\Users\Pat\AppData\Local\Temp\APNSetup.exe
C:\Users\Pat\AppData\Local\Temp\Couponscom.exe
C:\Users\Pat\AppData\Local\Temp\DefaultPack.exe
C:\Users\Pat\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
Task: {927009E6-19CE-46D1-93FA-5D9B271B1057} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD251890-DDA6-4525-8C89-B11312955787} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION
C:\Program Files (x86)\AskPartnerNetwork
C:\ProgramData\Microsoft\{64877f72-de04-9081-10f4-87153badbffe}
C:\Program Files (x86)\MyPC Backup
C:\Program Files\pcmax
HKU\S-1-5-21-1006484083-2284930567-1613651267-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
EmptyTemp:
Reboot:
end