Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01 Ran by Merix at 2014-10-08 19:12:35 Run:2 Running from C:\Users\Merix\Downloads Loaded Profile: Merix (Available profiles: Merix) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S2 servervo; C:\Users\Merix\AppData\Roaming\VOPackage\VOsrv.exe [70656 2014-10-07] () [File not signed] R1 {058899d6-9704-4de3-aae7-17e9fc44c761}Gw64; C:\Windows\System32\drivers\{058899d6-9704-4de3-aae7-17e9fc44c761}Gw64.sys [61120 2014-04-24] (StdLib) S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X] S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X] S3 zgdcat; system32\DRIVERS\zgdcat.sys [X] S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X] S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X] S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X] S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X] Task: {70A3988C-4CD3-4A3E-8528-B77F8DFE287D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-07] (AnyProtect.com) <==== ATTENTION Task: {C8CC623E-021C-4AAE-8E2A-C070C6743746} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-07] (AnyProtect.com) <==== ATTENTION Task: {DFBCB6EF-D864-4E01-A61B-740332B3D5F7} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-07] (AnyProtect.com) <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION HKU\S-1-5-21-3302502354-795164464-2874845416-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Fast Search -> {5AB7104A-B71F-49AD-9154-F7F8806AE848} -> C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18] FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{88014c0d-a27c-484c-81ef-bf536a6f2a3d}] - C:\Program Files (x86)\BobyLyrics\132.xpi CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [2013-04-17] CHR HKLM-x32\...\Chrome\Extension: [feehhilecblfddelccfipjokflgjpmad] - C:\Program Files (x86)\BobyLyrics\132.crx [2014-08-04] CustomCLSID: HKU\S-1-5-21-3302502354-795164464-2874845416-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Merix\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File CustomCLSID: HKU\S-1-5-21-3302502354-795164464-2874845416-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Merix\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File C:\Program Files (x86)\Mozilla Firefox\extensions C:\Program Files (x86)\Mozilla Firefox\plugins C:\Program Files (x86)\AnyProtectEx C:\Program Files (x86)\BobyLyrics C:\Program Files (x86)\Surf Canyon C:\ProgramData\TEMP C:\Users\Merix\AppData\Local\nsw6AD8.tmp C:\Users\Merix\AppData\Roaming\AnyProtectEx C:\Users\Merix\AppData\Roaming\ap_logs C:\Users\Merix\AppData\Roaming\ap_movie C:\Users\Merix\AppData\Roaming\aps.scan.quick.results C:\Users\Merix\AppData\Roaming\aps.scan.results C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage C:\Users\Merix\AppData\Roaming\Thinstall C:\Users\Merix\AppData\Roaming\VOPackage C:\Users\Merix\Desktop\Continue Live Installation.lnk C:\Users\Merix\Downloads\SoftonicDownloader*.exe C:\Windows\System32\drivers\{058899d6-9704-4de3-aae7-17e9fc44c761}Gw64.sys C:\Windows\SysWOW64\sho*.tmp DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage EmptyTemp: ***************** Processes closed successfully. servervo => Service deleted successfully. {058899d6-9704-4de3-aae7-17e9fc44c761}Gw64 => Service stopped successfully. {058899d6-9704-4de3-aae7-17e9fc44c761}Gw64 => Service deleted successfully. andnetadb => Service deleted successfully. AndNetDiag => Service deleted successfully. ANDNetModem => Service deleted successfully. massfilter_lte => Service deleted successfully. zgdcat => Service deleted successfully. zgdcdiag => Service deleted successfully. zgdcmdm => Service deleted successfully. zgdcnet => Service deleted successfully. zgdcnmea => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70A3988C-4CD3-4A3E-8528-B77F8DFE287D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70A3988C-4CD3-4A3E-8528-B77F8DFE287D}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8CC623E-021C-4AAE-8E2A-C070C6743746}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8CC623E-021C-4AAE-8E2A-C070C6743746}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFBCB6EF-D864-4E01-A61B-740332B3D5F7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBCB6EF-D864-4E01-A61B-740332B3D5F7}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully. C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully. HKU\S-1-5-21-3302502354-795164464-2874845416-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully. "HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} => value deleted successfully. HKCU\Software\Mozilla\Firefox\Extensions\\{88014c0d-a27c-484c-81ef-bf536a6f2a3d} => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem" => Key deleted successfully. C:\Program Files (x86)\Surf Canyon\surfcanyon.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\feehhilecblfddelccfipjokflgjpmad" => Key deleted successfully. "C:\Program Files (x86)\BobyLyrics\132.crx" => File/Directory not found. "HKU\S-1-5-21-3302502354-795164464-2874845416-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKU\S-1-5-21-3302502354-795164464-2874845416-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Program Files (x86)\AnyProtectEx => Moved successfully. "C:\Program Files (x86)\BobyLyrics" => File/Directory not found. C:\Program Files (x86)\Surf Canyon => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\Merix\AppData\Local\nsw6AD8.tmp => Moved successfully. C:\Users\Merix\AppData\Roaming\AnyProtectEx => Moved successfully. C:\Users\Merix\AppData\Roaming\ap_logs => Moved successfully. C:\Users\Merix\AppData\Roaming\ap_movie => Moved successfully. C:\Users\Merix\AppData\Roaming\aps.scan.quick.results => Moved successfully. C:\Users\Merix\AppData\Roaming\aps.scan.results => Moved successfully. C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => Moved successfully. C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter => Moved successfully. C:\Users\Merix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully. C:\Users\Merix\AppData\Roaming\Thinstall => Moved successfully. C:\Users\Merix\AppData\Roaming\VOPackage => Moved successfully. C:\Users\Merix\Desktop\Continue Live Installation.lnk => Moved successfully. C:\Users\Merix\Downloads\SoftonicDownloader*.exe => Moved successfully. C:\Windows\System32\drivers\{058899d6-9704-4de3-aae7-17e9fc44c761}Gw64.sys => Moved successfully. C:\Windows\SysWOW64\sho*.tmp => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage => Key Deleted successfully. EmptyTemp: => Removed 2.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====