Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Clyde (2016-02-18 15:33:10)
Running from C:\Users\Clyde\Desktop
Windows 10 Enterprise (X64) (2015-07-29 09:43:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-363461811-3972735926-4019456885-500 - Administrator - Disabled)
Clyde (S-1-5-21-363461811-3972735926-4019456885-1001 - Administrator - Enabled) => C:\Users\Clyde
DefaultAccount (S-1-5-21-363461811-3972735926-4019456885-503 - Limited - Disabled)
Guest (S-1-5-21-363461811-3972735926-4019456885-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Dying Light: The Following - Enhanced Edition (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MySQL Server 5.0 (HKLM-x32\...\{E5AED31E-3474-4C85-B492-42149DE37891}) (Version: 5.0.51b - MySQL AB)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OSTotoHotspot (HKLM-x32\...\OSTotoHotspot) (Version: 4.1.9.4 - 深圳市驱动人生软件技术有限公司)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7719 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version:  - )
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witness (HKLM-x32\...\The Witness_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C9729B-0E16-47D8-B66C-5522870A2EB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {0E20B8C8-4D1C-4DBD-8886-13D50D467778} - System32\Tasks\{B2310ECF-55E0-4B87-A3D6-65B5DA144401} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.12.0.101&amp;LastError=12029
Task: {1D1BB155-C75C-4CDF-B01C-B976C3E068C0} - System32\Tasks\{6CA4505A-A339-4A22-A145-179A4DAB6F20} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/go/help.faq.installer?LastError=1603
Task: {24F734EF-E763-4DC1-943C-1E7A587AA246} - System32\Tasks\{C37B4FFD-AA23-4488-BFCC-43BEEF97B4E0} => launchwinapp.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.7.0.102&amp;LastError=12002
Task: {400F9FAF-E00D-4069-ACEB-214FA9F225AF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {782FDEA6-E1FB-40D4-AB2E-349365635F91} - System32\Tasks\{65AFBC54-B72C-4888-9F1D-21D1969362B9} => pcalua.exe -a "C:\Program Files\Samsung\USB Drivers\Uninstall.exe" -d "C:\Program Files\Samsung\USB Drivers"
Task: {846A5970-754F-4F7D-A47E-E5B479104F50} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {87618E8D-6532-4EB3-8EAF-016CCFAAD216} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-18] (AVAST Software)
Task: {99D1BC83-0305-4673-BB0A-09526398F6D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {AB9A7117-9DE1-4BBB-B5D5-CAE3A66E02EB} - System32\Tasks\{1DEFA6B6-6CB2-41F4-BE2A-B335A734F629} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.12.0.101&amp;LastError=12029
Task: {B7DD3138-DC7C-4472-9D32-F2C0D51DE548} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {BD01C2AF-E63A-430A-BF9F-6D3435472819} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {C4E5067D-DC1A-4ADE-AC6E-FE96D38B838E} - System32\Tasks\{744F2345-34D4-4B74-A0B2-912D2136B29F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/go/help.faq.installer?LastError=1603
Task: {CA70B99A-4A50-4A37-BDD0-AA1083C515A7} - System32\Tasks\SafeZone scheduled Autoupdate 1455806594 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {E0C25694-CB6D-437A-B90B-B4957A496126} - System32\Tasks\{AF6E50F9-64C6-4C2B-8069-3176ADD0AE49} => pcalua.exe -a "C:\Program Files (x86)\Cheat Engine 6.4\unins000.exe"
Task: {E1AEE989-4972-4A7F-B5E6-0947A154AD58} - System32\Tasks\{BC44FD9F-15EF-4495-B6B3-AA747C553BEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.11.0.102&amp;LastError=12029
Task: {EFA98AF6-D525-4FB2-AA59-5B5E29528281} - System32\Tasks\{8BB82355-B1EB-45C8-AA71-10909EC56ACA} => pcalua.exe -a "C:\Program Files (x86)\OSTotoHotspot\Uninstall.exe"
Task: {F7EB3B7F-A11A-4EE6-A6BA-59DE193E7FAD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 11:00 - 2015-07-10 11:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-07-29 10:35 - 2015-07-15 02:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2016-01-28 17:08 - 2016-02-09 05:29 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-18 21:59 - 2015-08-11 09:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2008-04-17 19:13 - 2008-04-17 19:13 - 05750784 _____ () C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
2016-01-18 16:54 - 2015-09-08 10:49 - 00209768 _____ () C:\Program Files (x86)\OSTotoHotspot\WifiService.exe
2015-10-01 07:55 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-01 07:55 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-01 07:55 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-08 19:50 - 2015-11-25 04:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-08 19:50 - 2015-11-25 04:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-08 19:50 - 2015-11-25 04:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 07:55 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-01-10 13:41 - 2015-07-29 10:24 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2016-02-18 14:01 - 2016-02-18 14:00 - 00126475 _____ () C:\Users\Clyde\AppData\Local\YTPack\Yt1vmyL.exe
2016-02-18 14:42 - 2016-02-18 14:42 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-18 14:42 - 2016-02-18 14:42 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-18 14:45 - 2016-02-18 14:45 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021800\algo.dll
2016-02-18 14:42 - 2016-02-18 14:42 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-18 14:42 - 2016-02-18 14:42 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-01-18 16:54 - 2014-05-19 01:31 - 00254824 _____ () C:\Program Files (x86)\OSTotoHotspot\DTLUpdater\CheckUpdate.dll
2015-07-29 09:52 - 2015-12-15 05:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-29 09:52 - 2015-07-03 16:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-29 09:52 - 2016-02-04 21:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-29 09:52 - 2015-09-24 00:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-29 09:52 - 2015-09-24 00:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-29 09:52 - 2015-09-24 00:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-29 09:52 - 2015-09-24 00:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-29 09:52 - 2015-09-24 00:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-29 09:52 - 2015-07-03 16:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-29 09:52 - 2015-07-03 16:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-29 09:52 - 2016-02-04 21:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-29 09:52 - 2015-12-30 01:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2016-02-18 14:02 - 2016-02-18 14:02 - 00072192 _____ () C:\Users\Clyde\AppData\Local\Ojics\MfcCommonServices.dll
2015-07-29 09:52 - 2016-01-06 01:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-02-18 14:11 - 2016-02-18 14:11 - 00052736 _____ () C:\Users\Clyde\AppData\Local\YTPack\lameImage32.dll
2016-02-18 14:42 - 2016-02-18 14:42 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-18 14:08 - 2016-02-09 11:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-18 14:08 - 2016-02-09 11:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-18 14:08 - 2016-02-09 11:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-363461811-3972735926-4019456885-1001\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-06 15:40 - 2016-01-13 04:01 - 00001912 ____A C:\Windows\system32\Drivers\etc\hosts

255.255.255.255	broadcasthost127.0.0.1	local127.0.0.1       localhost
127.0.0.1       Lodus.noip.me
127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-363461811-3972735926-4019456885-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Clyde\Pictures\aVkwhSW.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 160WifiSrv => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: YSearchUtilSvc => 2
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "160wifi"
HKLM\...\StartupApproved\Run32: => "OSTotoHotspot"
HKU\S-1-5-21-363461811-3972735926-4019456885-1001\...\StartupApproved\StartupFolder: => "Q.vbs"
HKU\S-1-5-21-363461811-3972735926-4019456885-1001\...\StartupApproved\StartupFolder: => "Shortcut.url"
HKU\S-1-5-21-363461811-3972735926-4019456885-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-363461811-3972735926-4019456885-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2AEA9B4D-F47A-4F04-B07C-CEE9E721F8ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9FACB4C5-9F08-4655-B35B-F2C0B61CE8A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7B09041-B462-4EA3-9BC3-C0BBADA178E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A087658-BFD5-4687-B1B8-7B7820F56737}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{04C0C4B8-5801-4E05-9876-FEF51C9B1367}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{493CEE2E-94E3-487F-AB3A-40438844E2E1}] => (Allow) G:\Programs\Launcher\Bethesda.net_Launcher.exe
FirewallRules: [{3A21BDA2-C066-4BEA-8BCD-67F5E2C276D5}] => (Allow) G:\Programs\Launcher\Bethesda.net_Launcher.exe
FirewallRules: [{47C4E140-743C-4D29-83A7-774854D2B6BC}] => (Allow) G:\Programs\Launcher\Bethesda.net_Launcher.exe
FirewallRules: [{BF7B5863-C14F-4567-873F-07114F63EE8A}] => (Allow) G:\Programs\Launcher\Bethesda.net_Launcher.exe
FirewallRules: [TCP Query User{F29660D3-86D5-40D2-A7E2-439F34E9E87A}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{293F1851-DD96-4E31-8D8F-F66A994DA173}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{44434BAF-E523-4269-BA4A-34E5D6129908}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D95946F6-B633-4545-9267-CF6D6902FD6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{469DFAEC-812B-4998-B672-C6AAB016C194}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{DE00FDFE-55C0-403C-B155-245541D7DDB0}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{9BD93DDE-FE62-420F-84D9-0B6FBD0177C8}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\helptool.exe
FirewallRules: [{82DB1866-0FA2-42B4-BD94-916037990DFD}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\YunExplorer.exe
FirewallRules: [{B66E1D60-5348-445F-A463-FCD27D6A0AAB}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\WifiService.exe
FirewallRules: [{7E62A383-DFB9-4E50-8084-E66FE3CD66EF}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\OSTotoHotspot.exe
FirewallRules: [TCP Query User{C8BA6212-A18E-43BD-AB9B-D3AB7C0470AF}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [UDP Query User{0BA4E247-79FC-45B8-BFB1-44170BB570E4}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{B609996B-BABE-4387-BA4B-FF4EB599B8A5}] => (Block) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{D01F1252-0845-4899-BAA0-F314C6ED5DFD}] => (Block) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{DC65E250-9AAA-4B5E-A11A-FBA5CAD76615}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2C8D11B3-6D22-4F4F-A3D5-5F8A41B4E592}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F12E8532-3BAC-4415-A6B8-E6D481668668}C:\program files\dying light\dyinglightgame.exe] => (Allow) C:\program files\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{9A5C912F-BB20-4927-947C-EAE764EEEE47}C:\program files\dying light\dyinglightgame.exe] => (Allow) C:\program files\dying light\dyinglightgame.exe
FirewallRules: [{5AA42505-B830-4632-8D04-652154787330}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\OSTotoHotspot.exe
FirewallRules: [{B842FF09-062A-4B20-BFAE-7666E4F8ECE9}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\OSTotoHotspot.exe
FirewallRules: [{B9BC8189-E33A-4650-B15F-C3E72495FF47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8AF80D8A-1B1F-4E03-A484-FDBEBA727CFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{68565B28-81F1-42DC-A813-45F5E8C64AEF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0C5336CA-18DF-4ECA-8C95-1A0758B718CB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{825D2381-F30C-4AD0-9A99-AE658BC01F8E}] => (Allow) C:\Program Files (x86)\OSTotoHotspot\\WifiService.exe

==================== Restore Points =========================

18-02-2016 14:14:06 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2016 02:32:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.18.0.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19f4

Start Time: 01d16a57a091100a

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 7207d2b8-d64c-11e5-9c81-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 02:14:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/18/2016 02:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
Exception code: 0x80000003
Fault offset: 0x0000ed3b
Faulting process id: 0xd90
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (02/18/2016 01:56:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GG7MJ87)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/18/2016 01:50:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.034.exe version 5.0.3.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e80

Start Time: 01d16a523fbd0432

Termination Time: 4294967295

Application Path: C:\Users\Clyde\Desktop\adwcleaner_5.034.exe

Report Id: 85098da8-d646-11e5-9c7d-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 01:42:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.034.exe version 5.0.3.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 18e4

Start Time: 01d16a520f04936b

Termination Time: 4294967295

Application Path: C:\Users\Clyde\Desktop\adwcleaner_5.034.exe

Report Id: 7c1051a8-d645-11e5-9c7d-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 01:40:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.034.exe version 5.0.3.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e08

Start Time: 01d16a51b5b96793

Termination Time: 4294967295

Application Path: C:\Users\Clyde\Desktop\adwcleaner_5.034.exe

Report Id: 32bbfb5e-d645-11e5-9c7d-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 01:31:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.034.exe version 5.0.3.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2d68

Start Time: 01d16a505a85c5b0

Termination Time: 4294967295

Application Path: F:\Data\Programs\adwcleaner_5.034.exe

Report Id: fb56b48b-d643-11e5-9c7c-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 01:22:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GFExperience.exe version 2.9.1.35 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1924

Start Time: 01d16a4f62848124

Termination Time: 15

Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Report Id: b1685595-d642-11e5-9c7c-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/18/2016 01:21:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GFExperience.exe version 2.9.1.35 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 22b0

Start Time: 01d16a4f4bf24da1

Termination Time: 19

Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Report Id: 93d65d00-d642-11e5-9c7c-bc5ff4dc666f

Faulting package full name: 

Faulting package-relative application ID:


System errors:
=============
Error: (02/18/2016 03:26:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (02/18/2016 03:22:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/18/2016 03:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2016-01-29 02:54:32.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-29 02:54:32.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-29 00:26:00.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 22:02:44.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-28 22:02:44.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 26%
Total physical RAM: 16340.75 MB
Available physical RAM: 12021.48 MB
Total Virtual: 18772.75 MB
Available Virtual: 13335.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.68 GB) (Free:51.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Games / Anime) (Fixed) (Total:149.05 GB) (Free:11.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: 3896EAD7)
Partition 1: (Active) - (Size=167.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 96DB0E5B)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================