Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Lorraine (2015-09-18 14:13:51) Run:1
Running from C:\Users\Lorraine\Desktop
Loaded Profiles: Lorraine (Available Profiles: Lorraine)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\...\Run: [ShieldSoft] => C:\Users\Lorraine\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe [423424 2015-09-01] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.rockettab.com
SearchScopes: HKU\S-1-5-21-3240821568-1653635036-208495454-1005 -> {8C0B6873-412A-4EC9-B312-E3D17963C297} URL = hxxp://isearch.rockettab.com/?q={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3240821568-1653635036-208495454-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF DefaultSearchEngine: Rocket Tab
FF DefaultSearchEngine.US: Rocket Tab
FF SelectedSearchEngine: Rocket Tab
FF user.js: detected! => C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\uv4j5qfq.default\user.js [2014-11-12]
FF SearchPlugin: C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\uv4j5qfq.default\searchplugins\shieldRocket Tab.xml [2015-09-18]
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll => No File
CHR Plugin: (Google Update) - C:\Users\Lorraine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 ShieldSoft; C:\Users\Lorraine\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [83456 2015-09-02] () [File not signed]
2015-09-18 12:55 - 2015-09-18 12:55 - 00026288 _____ C:\Users\Lorraine\Downloads\GWXWebWindows.exe
2015-09-18 12:36 - 2015-09-18 12:36 - 00000000 ____D C:\Program Files (x86)\DriverWhiz
2015-09-18 11:49 - 2015-09-18 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz
2015-09-18 11:48 - 2015-09-18 11:48 - 05559248 _____ (383 Media, Inc.) C:\Users\Lorraine\Downloads\Driverwhiz.exe
2015-09-11 15:56 - 2015-09-11 15:56 - 00000000 ____D C:\Users\Lorraine\AppData\Roaming\ShieldSoft
C:\Program Files (x86)\FastClean PRO
C:\PROGRA~2\SearchProtect\
C:\Program Files (x86)\MapsGalaxy_39
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\Software\Microsoft\Windows\CurrentVersion\Run\\fastclean => value removed successfully
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ShieldSoft => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3240821568-1653635036-208495454-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C0B6873-412A-4EC9-B312-E3D17963C297}" => key removed successfully
HKCR\CLSID\{8C0B6873-412A-4EC9-B312-E3D17963C297} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\uv4j5qfq.default\user.js => moved successfully
C:\Users\Lorraine\AppData\Roaming\Mozilla\Firefox\Profiles\uv4j5qfq.default\searchplugins\shieldRocket Tab.xml => moved successfully
C:\Windows\SysWOW64\npdeployJava1.dll => not found.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll => not found.
C:\Users\Lorraine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
pcregservice => Service stopped successfully.
pcregservice => service removed successfully
ShieldSoft => Unable to stop service.
ShieldSoft => service removed successfully
C:\Users\Lorraine\Downloads\GWXWebWindows.exe => moved successfully
C:\Program Files (x86)\DriverWhiz => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz => moved successfully
C:\Users\Lorraine\Downloads\Driverwhiz.exe => moved successfully
C:\Users\Lorraine\AppData\Roaming\ShieldSoft => moved successfully
"C:\Program Files (x86)\FastClean PRO" => File/Folder not found.
C:\PROGRA~2\SearchProtect => moved successfully
"C:\Program Files (x86)\MapsGalaxy_39" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3240821568-1653635036-208495454-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{E95917B7-4F34-43CD-A9AB-F5044A893AAC} canceled.
{3AD11561-6EAB-4D9A-A41B-81A3AB4AD8B0} canceled.
{43F91497-CAAD-446E-BEDE-41A7987CC369} canceled.
{EBE647B9-6281-4BD7-9336-5AC29004D8F8} canceled.
{8755AB23-B890-495C-BB90-BF664DD58FD2} canceled.
{A8088022-A645-4968-AE0C-46A74A957D88} canceled.
{C0559C57-2B3B-4B1F-ABE0-2A38CB4F5C02} canceled.
{32CDA66D-C739-4314-BB15-90E9A42342F4} canceled.
{911E2735-D887-4FE2-A2E4-A49FB31DC876} canceled.
9 out of 9 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 141.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:15:22 ====