CloseProcesses:
CreateRestorePoint:
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
URLSearchHook: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 - (No Name) - {2421d847-721c-404f-87b4-bbd2b95d1087} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D87EE37E-D370-4A75-9364-2A937E9A20E4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D87EE37E-D370-4A75-9364-2A937E9A20E4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 -> {31C085E5-8C2B-4266-8049-AA3A9F843E3E} URL = http://websearch.ask...30-B9D8E958076E
SearchScopes: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 -> {D87EE37E-D370-4A75-9364-2A937E9A20E4} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1989153408-1931016179-191072793-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1989153408-1931016179-191072793-1001 -> {D87EE37E-D370-4A75-9364-2A937E9A20E4} URL = 
SearchScopes: HKU\S-1-5-21-1989153408-1931016179-191072793-1001 -> {E0F59E72-AAB4-46F9-92F6-F21CF98F0B80} URL =
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-10-17] (Ask)
Toolbar: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 -> No Name - {2421D847-721C-404F-87B4-BBD2B95D1087} -  No File
Toolbar: HKU\S-1-5-21-1989153408-1931016179-191072793-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1989153408-1931016179-191072793-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D5551BFD-923B-4C3B-96D2-0FC9224656BD} http://dataprotect.c...ct.com/nwbr.cab
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF HKU\S-1-5-21-1989153408-1931016179-191072793-1001\...\Firefox\Extensions: [support@unfriendapp.com] - C:\Program Files (x86)\UnfriendApp\Firefox
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-04-28]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-04-28]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahlfahldnilidgnlikdckbfehhca.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-27] (APN LLC.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
2015-07-14 15:51 - 2013-03-14 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-07-14 15:51 - 2013-03-14 14:11 - 00000000 ____D C:\Program Files (x86)\Coupons
C:\ProgramData\hpe6EC9.dll
Task: {5D05AD41-3D18-45E9-BBBB-9DF837CB4DF4} - System32\Tasks\{E7FD3E43-70DC-426E-9875-EC4575FA1A35} => E:\setup.exe
Task: {C7DA289E-2B5B-45D7-99A5-02AA867D8976} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F