Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by KO (2015-12-18 15:05:30) Run:1
Running from C:\Users\KO\Desktop\Frst
Loaded Profiles: KO (Available Profiles: KO)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
S2 WdMan; C:\ProgramData\SWdMS\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [File not signed]
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450070380&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07173&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2044814858-3257045265-4192325483-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2044814858-3257045265-4192325483-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2044814858-3257045265-4192325483-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={93343963-E764-42B8-8047-6BE83FD753AE}&mid=6b0653b77c2147d08c5181ac0f018585-4323c9a1a5a383db39737bd017fae0a1668e3319&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=un&d=2015-09-13 20:01:02&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-2044814858-3257045265-4192325483-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1448450618&z=75314eddb34a151c27cebf0g8z7z3bdz0wfeccbc5m&from=cor&uid=ST3250410AS_6RY1WRLEXXXX6RY1WRLE
HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\...\Policies\Explorer: []
Task: {0E7839FE-EE11-47EF-8C4F-D063070EC499} - System32\Tasks\{2FE8B0D1-4608-4F26-A63F-A98671E9D533} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/1250
Task: {0F3AE62F-CE3B-401C-8795-F48408F0BCB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {2C6EA660-D6E9-4256-9747-59C2C4015781} - System32\Tasks\CTF Host => C:\Users\KO\AppData\Roaming\.minecraft\Ctfhost\ctfhost.exe
Task: {4E897B6B-2987-4475-8906-E3436FC3B2BC} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {AD58BF4F-7881-4EE2-B10E-28BCDF613FF1} - System32\Tasks\0915wtUpdateInfo => C:\ProgramData\Avg_Update_0915wt\0915wt_{FBDD9017-B407-48D7-A009-BB1636219C98}.exe
Task: {CE1C38E9-EC40-4587-911F-911153215090} - System32\Tasks\{B3996386-9F10-46F8-8A21-547C99CD2D54} => pcalua.exe -a I:\SISetup.exe -d I:\
Task: {F0FB22AB-0316-466B-B3A2-259321D03A34} - \Program aktualizacji online firmy Adobe. -> No File <==== ATTENTION
Task: {F12E955B-5C71-49AD-ADFF-BB48133F2220} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\0915wtUpdateInfo.job => C:\ProgramData\Avg_Update_0915wt\0915wt_{FBDD9017-B407-48D7-A009-BB1636219C98}.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
AlternateDataStreams: C:\ProgramData\Microsoft:ecSWXQzQmt0NYxUedBRJg
AlternateDataStreams: C:\ProgramData\Microsoft:NaZu2xXXVCcoQdibmem30Mu4
AlternateDataStreams: C:\ProgramData\Microsoft:YEQkrOj5IinKrit2
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKCU\Software\Mozilla\Firefox
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla\Firefox
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files (x86)\Lenovo
RemoveDirectory: C:\Program Files (x86)\Mozilla Firefox
RemoveDirectory: C:\ProgramData\MWMiniProM
RemoveDirectory: C:\ProgramData\NortonInstaller
RemoveDirectory: C:\ProgramData\SWdMS
RemoveDirectory: C:\ProgramData\TEMP
RemoveDirectory: C:\ProgramData\ZWdMZ
RemoveDirectory: C:\Users\KO\AppData\Local\Lenovo
RemoveDirectory: C:\Users\KO\AppData\Local\Mobogenie
RemoveDirectory: C:\Users\KO\AppData\Local\Mozilla\Firefox
RemoveDirectory: C:\Users\KO\AppData\Local\StormFall
RemoveDirectory: C:\Users\KO\AppData\Roaming\dll-files.com
RemoveDirectory: C:\Users\KO\AppData\Roaming\GoldenGate
RemoveDirectory: C:\Users\KO\AppData\Roaming\Mozilla\Firefox
RemoveDirectory: C:\Users\KO\AppData\Roaming\StormFall
RemoveDirectory: C:\Users\KO\AppData\Roaming\WarThunder
RemoveDirectory: C:\Users\KO\Desktop\SpyHunter 4.16.5.4290 [Eng] patch
RemoveDirectory: C:\Users\KO\REACHit
RemoveDirectory: C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
RemoveDirectory: C:\Windows\System32\Tasks\Lenovo
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
C:\Users\KO\AppData\Local\Word-to-PDF-Converter_1357.rar
C:\Users\KO\AppData\Local\wordtopdf_setup.exe
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
C:\Users\KO\Desktop\wordtopdf_setup [1].rar
C:\Users\KO\Desktop\wordtopdf_setup [1].exe
C:\Users\KO\Downloads\sh-remover.exe
C:\Users\KO\Downloads\SpyHunter*.*
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\SysWOW64\Z
CMD: netsh advfirewall reset
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
WdMan => service removed successfully
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk => Shortcut argument removed successfully.
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => not found.
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKU\S-1-5-21-2044814858-3257045265-4192325483-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E7839FE-EE11-47EF-8C4F-D063070EC499}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E7839FE-EE11-47EF-8C4F-D063070EC499}" => key removed successfully
C:\Windows\System32\Tasks\{2FE8B0D1-4608-4F26-A63F-A98671E9D533} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2FE8B0D1-4608-4F26-A63F-A98671E9D533}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F3AE62F-CE3B-401C-8795-F48408F0BCB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F3AE62F-CE3B-401C-8795-F48408F0BCB2}" => key removed successfully
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C6EA660-D6E9-4256-9747-59C2C4015781}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C6EA660-D6E9-4256-9747-59C2C4015781}" => key removed successfully
C:\Windows\System32\Tasks\CTF Host => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CTF Host" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E897B6B-2987-4475-8906-E3436FC3B2BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E897B6B-2987-4475-8906-E3436FC3B2BC}" => key removed successfully
C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-Files.Com Fixer_MONTHLY" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD58BF4F-7881-4EE2-B10E-28BCDF613FF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD58BF4F-7881-4EE2-B10E-28BCDF613FF1}" => key removed successfully
C:\Windows\System32\Tasks\0915wtUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915wtUpdateInfo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE1C38E9-EC40-4587-911F-911153215090}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1C38E9-EC40-4587-911F-911153215090}" => key removed successfully
C:\Windows\System32\Tasks\{B3996386-9F10-46F8-8A21-547C99CD2D54} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3996386-9F10-46F8-8A21-547C99CD2D54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0FB22AB-0316-466B-B3A2-259321D03A34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FB22AB-0316-466B-B3A2-259321D03A34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F12E955B-5C71-49AD-ADFF-BB48133F2220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F12E955B-5C71-49AD-ADFF-BB48133F2220}" => key removed successfully
C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DLL-Files.Com Fixer_Updates" => key removed successfully
C:\Windows\Tasks\0915wtUpdateInfo.job => moved successfully
C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => moved successfully
C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => moved successfully
C:\ProgramData\Microsoft => ":ecSWXQzQmt0NYxUedBRJg" ADS removed successfully.
C:\ProgramData\Microsoft => ":NaZu2xXXVCcoQdibmem30Mu4" ADS removed successfully.
C:\ProgramData\Microsoft => ":YEQkrOj5IinKrit2" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => key removed successfully
HKCU\Software\dobreprogramy => key removed successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => key removed successfully
HKCU\Software\Mozilla\Firefox => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\Mozilla\Firefox => key removed successfully
HKCU\Software\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Mozilla\Firefox => key not found. 
HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => key removed successfully
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => key removed successfully
"C:\Program Files (x86)\Lenovo" => removed successfully.
"C:\Program Files (x86)\Mozilla Firefox" => removed successfully.
"C:\ProgramData\MWMiniProM" => removed successfully.
"C:\ProgramData\NortonInstaller" => removed successfully.
"C:\ProgramData\SWdMS" => removed successfully.
"C:\ProgramData\TEMP" => removed successfully.
"C:\ProgramData\ZWdMZ" => removed successfully.
"C:\Users\KO\AppData\Local\Lenovo" => removed successfully.
"C:\Users\KO\AppData\Local\Mobogenie" => removed successfully.
"C:\Users\KO\AppData\Local\Mozilla\Firefox" => removed successfully.
"C:\Users\KO\AppData\Local\StormFall" => removed successfully.
"C:\Users\KO\AppData\Roaming\dll-files.com" => removed successfully.
"C:\Users\KO\AppData\Roaming\GoldenGate" => removed successfully.
"C:\Users\KO\AppData\Roaming\Mozilla\Firefox" => removed successfully.
"C:\Users\KO\AppData\Roaming\StormFall" => removed successfully.
"C:\Users\KO\AppData\Roaming\WarThunder" => removed successfully.
"C:\Users\KO\Desktop\SpyHunter 4.16.5.4290 [Eng] patch" => removed successfully.
"C:\Users\KO\REACHit" => removed successfully.
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP" => removed successfully.
"C:\Windows\System32\Tasks\Lenovo" => removed successfully.
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => moved successfully
C:\Users\KO\AppData\Local\Word-to-PDF-Converter_1357.rar => moved successfully
C:\Users\KO\AppData\Local\wordtopdf_setup.exe => moved successfully
C:\Users\KO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk => moved successfully
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url => moved successfully
C:\Users\KO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk => moved successfully
C:\Users\KO\Desktop\wordtopdf_setup [1].rar => moved successfully
C:\Users\KO\Desktop\wordtopdf_setup [1].exe => moved successfully
C:\Users\KO\Downloads\sh-remover.exe => moved successfully

=========== "C:\Users\KO\Downloads\SpyHunter*.*" ==========

C:\Users\KO\Downloads\SpyHunter_4.17.6.4336 [Eng]   patch.rar => moved successfully

========= End -> "C:\Users\KO\Downloads\SpyHunter*.*" ========

"C:\Windows\System32\Tasks\SpyHunter4Startup" => not found.
C:\Windows\SysWOW64\Z => moved successfully

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 5.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:06:48 ====