Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01 Ran by User at 2015-02-26 23:38:23 Run:1 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> {943B8375-7A7E-4E94-A423-E61BC51355C2} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {943B8375-7A7E-4E94-A423-E61BC51355C2} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 kwldapob; \??\C:\Users\User\AppData\Local\Temp\kwldapob.sys [X] C:\windows\SysWOW64\sho6103.tmp EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPUsageTrackingLEDM => value deleted successfully. "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully. HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-2641575014-1446490523-3456933365-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{943B8375-7A7E-4E94-A423-E61BC51355C2}" => Key deleted successfully. HKCR\CLSID\{943B8375-7A7E-4E94-A423-E61BC51355C2} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{943B8375-7A7E-4E94-A423-E61BC51355C2}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{943B8375-7A7E-4E94-A423-E61BC51355C2} => Key not found. catchme => Service deleted successfully. kwldapob => Service not found. C:\windows\SysWOW64\sho6103.tmp => Moved successfully. EmptyTemp: => Removed 1.3 GB temporary data. The system needed a reboot. ==== End of Fixlog 23:38:59 ====