Hi,
After I used 2 different cameras that I plugged into my USB drive, I keep having explorer.exe popping up their drive names saying "F:/ or H:/ The directory name is invalid." I can't even close the windows because hundreds are popping up over and over, and I can't even do anything unless I end the explorer.exe task. This isn't my computer, but my husband likes to dabble in music sample websites, so it could have come from there. I have no idea. I also noticed that anytime I use a process that can enable the "always on top" feature, e.g. Task Manager, the screen starts flashing. I really think it's either a hack or a virus. If it's a virus, it's definitely responding to everything I do.
Here is my FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by ALLAH is UP (administrator) on ALLAHISUP-PC (30-06-2016 23:52:55)
Running from C:\Users\ALLAH is UP\Downloads
Loaded Profiles: ALLAH is UP (Available Profiles: ALLAH is UP & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\...\RunOnce: [Uninstall C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ALLAH is UP\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-11-07]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch ShareMouse.lnk [2015-12-31]
ShortcutTarget: Launch ShareMouse.lnk -> (No File)
Startup: C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2015-12-05]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{198b4aa9-9dc7-4069-a127-c7186133f369}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{bf9f04bb-c5eb-494c-9375-71bc1da463d8}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-436150743-3596999183-3093125189-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-436150743-3596999183-3093125189-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyEyCzy0AtC0F0FyCtBtCyDtAyB0AtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0ByEtByDyCtGtAtBzzyBtGtByDzztAtGyEtCtB0AtGzy0C0D0FtByD0BzzzytDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCzztA0F0EyC0FtGyEyBtDzytGyEtAtAtAtGzzzy0BzztGtD0CyEtCyBtA0F0CtCtB0A0D2QtN0A0LzuyE%26cr%3D1644942901%26a%3Dwncy_pwrisofs_15_47%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-31] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-17]
CHR Extension: (Google Docs) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (YouTube) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Adblock Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-28]
CHR Extension: (Google Search) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Google Sheets) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-06-07]
CHR Extension: (Online For Disconnect) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbbibfnbfeolainmnliccbfipijonao [2015-11-17]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]
CHR Extension: (Ad.Block Plus) - C:\Users\ALLAH is UP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppokofpeodofmocjcgjamemiiddhjpbe [2015-11-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-17] (Dropbox, Inc.)
S3 NetcamStudioSvc64; C:\Program Files\Netcam Studio - 64-bit\NetcamStudio.Service.exe [4051264 2016-01-06] (Moonware Studios)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5653736 2015-12-07] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 DGUSBAP; C:\Windows\system32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 MBX2DFU; C:\Windows\SYSTEM32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2016-01-28] (Macrovision Europe Ltd) [File not signed]
R3 VBAudioVMAUXVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-21] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 swmidi; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-30 00:00 - 2016-06-30 00:01 - 00045425 _____ C:\Users\ALLAH is UP\Downloads\Addition.txt
2016-06-29 23:58 - 2016-06-30 23:52 - 00019882 _____ C:\Users\ALLAH is UP\Downloads\FRST.txt
2016-06-29 23:58 - 2016-06-30 23:52 - 00000000 ____D C:\FRST
2016-06-29 23:57 - 2016-06-29 23:57 - 02390016 _____ (Farbar) C:\Users\ALLAH is UP\Downloads\FRST64.exe
2016-06-29 23:10 - 2016-06-30 23:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-19 16:40 - 2016-06-19 16:40 - 00373965 _____ C:\Users\ALLAH is UP\Downloads\012714.pdf
2016-06-09 04:45 - 2016-06-09 04:45 - 00000382 _____ C:\WINDOWS\Tasks\AVG-SSU_0616avz.job
2016-06-09 04:45 - 2016-06-09 04:45 - 00000000 ____D C:\ProgramData\Avg_Update_0616avz
2016-06-07 03:17 - 2016-06-07 03:18 - 00281404 _____ C:\WINDOWS\Minidump\060716-52046-01.dmp
2016-06-07 03:17 - 2016-06-07 03:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-07 03:14 - 2016-06-29 21:18 - 00171579 _____ C:\WINDOWS\system32\DICoInst64.bak
2016-06-07 03:13 - 2010-10-09 13:53 - 00170584 _____ (EGOSYS, Inc.) C:\WINDOWS\system32\DICoInst64.dll
2016-06-07 03:12 - 2016-06-07 03:12 - 00000000 ____D C:\Program Files (x86)\TASCAM
2016-06-07 03:12 - 2011-01-08 06:44 - 00103512 _____ C:\WINDOWS\SysWOW64\US800Asio32.dll
2016-06-07 03:11 - 2016-06-07 03:11 - 02722289 _____ C:\Users\ALLAH is UP\Downloads\us800_win_v1_0_8_20110107.zip
2016-06-06 22:18 - 2016-06-06 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-30 23:14 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 18:44 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\MFAData
2016-06-30 16:50 - 2015-12-26 15:57 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-30 16:50 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-30 16:49 - 2016-01-15 15:17 - 02407736 _____ C:\WINDOWS\ntbtlog.txt
2016-06-29 21:35 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 21:19 - 2015-12-26 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-29 21:03 - 2015-12-26 15:58 - 00000000 ____D C:\Users\ALLAH is UP
2016-06-29 21:03 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-29 13:53 - 2016-02-20 21:26 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-06-29 13:53 - 2015-11-07 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-28 03:35 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-25 21:45 - 2015-11-17 18:08 - 00002281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-25 21:42 - 2015-11-17 16:42 - 00000288 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-06-25 21:41 - 2015-11-17 17:10 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-25 21:41 - 2015-11-07 15:51 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-25 21:40 - 2015-12-05 10:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-23 04:36 - 2016-01-05 18:35 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\RealVNC
2016-06-21 22:15 - 2015-11-17 17:10 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-21 22:05 - 2015-11-07 15:51 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 22:37 - 2015-11-07 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-14 21:47 - 2015-12-26 16:54 - 00002431 _____ C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-14 21:47 - 2015-12-26 16:54 - 00000000 ___RD C:\Users\ALLAH is UP\OneDrive
2016-06-14 21:29 - 2016-03-29 13:21 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Local\Windows Live
2016-06-07 03:37 - 2015-11-17 18:20 - 00000000 ____D C:\Users\ALLAH is UP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-07 03:17 - 2015-12-26 15:51 - 00194224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-07 03:17 - 2015-11-20 12:17 - 327445488 _____ C:\WINDOWS\MEMORY.DMP
2016-06-06 22:18 - 2015-11-17 17:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
==================== Files in the root of some directories =======
2015-11-21 03:20 - 2015-12-26 17:21 - 0031460 _____ () C:\Users\ALLAH is UP\AppData\Roaming\VoiceMeeterDefault.xml
Some files in TEMP:
====================
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081040707190.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081193459123.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081216923614.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081449743922.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_081800841901.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\avguirn_08872103858.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\exeE981.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLF23A9.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLF9DA.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFCBFC.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE1F3.tmp.exe
C:\Users\ALLAH is UP\AppData\Local\Temp\GLFE326.tmp.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-13 22:17
==================== End of FRST.txt ============================
Now here is my addition.txt file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016