Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

my updates stay in 0% and doens't download nor can't installed


  • This topic is locked This topic is locked
2 replies to this topic

#1 M4xW3s

M4xW3s

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:30 PM

Posted 24 April 2017 - 11:04 AM

i wanna install windows 10 and the download stay in 0% for a long time HELP ME.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by wesley (administrator) on WESLEY-PC (24-04-2017 10:41:34)
Running from C:\Users\wesley\Downloads
Loaded Profiles: wesley (Available Profiles: wesley)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\wesley\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\wesley\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SystemPropertiesAdvanced.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [467304 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3722416 2011-09-06] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3864181941-259514421-1745186122-1003\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe /minimized
HKU\S-1-5-21-3864181941-259514421-1745186122-1003\...\Run: [Akamai NetSession Interface] => C:\Users\wesley\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3864181941-259514421-1745186122-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-03] (Google Inc.)
HKU\S-1-5-21-3864181941-259514421-1745186122-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2011-09-06] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{94613DBB-9056-45FA-9F96-1D1A8326722A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9561A9CF-80C4-494D-99DF-8A68A63D62F6}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSERT1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7471505B-AC8E-4FAF-91E8-AC6C2DF30832} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\.DEFAULT -> {86F14831-D88C-4BC8-B871-C8FB24D95D9B} URL = hxxp://www.questbasic.com/?prt=QUESTBASIC115&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {15D811D6-979A-4DA0-9B21-A6E02AEABAEF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enPR424
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {725CD0FD-E768-4688-8C55-737ECFC45B9A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYPR&apn_uid=86cce8eb-7323-4373-945c-8de03f68aa13&apn_sauid=66FC72E2-8548-4A60-94A5-6A177B8B44D9
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {7471505B-AC8E-4FAF-91E8-AC6C2DF30832} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {86F14831-D88C-4BC8-B871-C8FB24D95D9B} URL = hxxp://www.questbasic.com/?prt=QstbscWD3&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={EA6129FF-1E39-4B47-B33C-810F46964719}&mid=c20020b1ca8547d08ecf59e75bb68709-77e0675c7eabe5487228156e856413edaed39688&lang=en&ds=pp011&pr=sa&d=2012-07-22 23:46:53&v=12.1.0.20&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = 
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> {F1D9DB74-5002-4534-A97F-7ED65C04C649} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Radio Canyon -> {11111111-1111-1111-1111-110611081104} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14] (Babylon BHO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-08] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-09] (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-08] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06] (AVAST Software)
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14] (Babylon Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-09] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-3864181941-259514421-1745186122-1003 -> is enabled.
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-14] ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3864181941-259514421-1745186122-1003: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.iminent.com/?appId=CB303401-3EB7-464D-AC69-8CECF686EB68
CHR NewTab: Default ->  Active:"chrome-extension://iplaninjmgmgajaogojniphlojmebnod/stubby.html", Active:"chrome-extension://jinlofiojphnmpllecgejammnjcmeipf/stubby.html", Active:"chrome-extension://jhimebnnaphjchlhcdgdlbfmlbbbaank/stubby.html", Active:"chrome-extension://gcncagkkhfoombgbihckkccmkjemhohl/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.iminent.com/?appId=CB303401-3EB7-464D-AC69-8CECF686EB68&ref=toolbox&q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.iminent.com
CHR Profile: C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (YouTube) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Búsqueda de Google) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Allin1Convert) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-08-31]
CHR Extension: (avast! WebRep) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-04-15]
CHR Extension: (PDFConverterHQ) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplaninjmgmgajaogojniphlojmebnod [2016-10-08]
CHR Extension: (SnapMyScreen) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhimebnnaphjchlhcdgdlbfmlbbbaank [2015-08-31]
CHR Extension: (Internet Speed Tracker) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinlofiojphnmpllecgejammnjcmeipf [2015-08-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-09]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-11-24]
 
Opera: 
=======
OPR Extension: (Radio Canyon) - C:\Users\wesley\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2015-08-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-09-06] (AVAST Software)
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [807936 2016-03-05] (Digital Care Solutions) [File not signed]
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 npggsvc; C:\windows\system32\GameMon.des [3897432 2011-09-18] (INCA Internet Co., Ltd.) [File not signed]
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S3 scan; C:\Program Files\BDServices\scan.dll [502504 2016-02-22] (Bitdefender)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\windows\system32\Drivers\aswFsBlk.sys [20568 2011-09-06] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [54616 2011-09-06] (AVAST Software)
R1 aswRdr; C:\windows\system32\Drivers\aswRdr.sys [34392 2011-09-06] (AVAST Software)
R1 aswSnx; C:\windows\system32\Drivers\aswSnx.sys [442200 2011-09-06] (AVAST Software)
R1 aswSP; C:\windows\system32\Drivers\aswSP.sys [320856 2011-09-06] (AVAST Software)
R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [52568 2011-09-06] (AVAST Software)
R1 BdAgent; C:\windows\System32\DRIVERS\BdAgent.sys [98616 2013-11-06] (BullGuard Ltd.)
S3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-02] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 taphss6; C:\windows\System32\DRIVERS\taphss6.sys [35592 2012-10-24] (Anchorfree Inc.)
S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [408280 2016-02-22] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 apf001; \??\C:\AeriaGames\Wolfteam\apf001.sys [X]
S1 kbutqwgi; \??\C:\windows\system32\drivers\kbutqwgi.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 10:41 - 2017-04-24 10:43 - 00022107 _____ C:\Users\wesley\Downloads\FRST.txt
2017-04-24 10:39 - 2017-04-24 10:41 - 00000000 ___DC C:\FRST
2017-04-24 10:36 - 2017-04-24 10:36 - 01767936 _____ (Farbar) C:\Users\wesley\Downloads\FRST.exe
2017-04-24 08:55 - 2017-04-24 08:55 - 00000000 ____D C:\Users\wesley\AppData\Local\BlueStacks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 10:41 - 2009-07-13 23:34 - 00017504 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 10:41 - 2009-07-13 23:34 - 00017504 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 09:47 - 2009-12-03 23:14 - 00848194 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-24 09:47 - 2009-07-13 21:37 - 00000000 ____D C:\windows\inf
2017-04-24 09:40 - 2013-05-12 20:31 - 00000418 ____H C:\windows\Tasks\schedule!3036567561.job
2017-04-24 09:40 - 2011-05-01 01:07 - 00000000 ____D C:\Users\wesley\AppData\Local\CrashDumps
2017-04-24 09:40 - 2009-07-13 23:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-24 09:39 - 2013-01-09 19:49 - 00000000 ____D C:\Program Files\WinRAR
2017-04-24 09:20 - 2012-05-31 15:52 - 00000000 ____D C:\Users\wesley\Desktop\FOTOS DE KINY
2017-04-24 08:57 - 2016-05-23 17:53 - 00000000 ____D C:\Program Files\vShare Helper
2017-04-24 08:55 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-24 08:05 - 2012-05-31 12:55 - 00001070 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864181941-259514421-1745186122-1003UA.job
2017-04-07 10:54 - 2016-10-12 07:44 - 00002138 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-07 10:54 - 2013-01-23 20:31 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 18:00 - 2016-03-13 10:30 - 00000458 _____ C:\windows\Tasks\PC Utility Kit Registration3.job
2017-04-06 17:12 - 2012-05-31 12:55 - 00001048 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864181941-259514421-1745186122-1003Core.job
 
==================== Files in the root of some directories =======
 
2015-10-04 11:59 - 2015-10-04 11:59 - 6420480 _____ () C:\Program Files\GUT80C8.tmp
2015-06-29 18:39 - 2015-06-29 18:39 - 6420480 _____ () C:\Program Files\GUT9242.tmp
2015-08-30 13:27 - 2015-08-30 13:27 - 6420480 _____ () C:\Program Files\GUTE7E3.tmp
2015-06-30 20:05 - 2015-06-30 20:05 - 6420480 _____ () C:\Program Files\GUTFCE2.tmp
2015-10-17 11:37 - 2015-10-17 11:37 - 0000288 _____ () C:\Users\wesley\AppData\Roaming\.backup.dm
2015-10-04 11:23 - 2016-03-13 10:30 - 0000053 _____ () C:\Users\wesley\AppData\Roaming\LogFile.txt
2005-04-07 21:16 - 2005-04-07 21:16 - 0051764 ____H () C:\Users\wesley\AppData\Roaming\wesleylog.dat
2015-07-27 19:58 - 2015-07-27 19:58 - 0001291 _____ () C:\Users\wesley\AppData\Local\Chrome .lnk
2015-07-27 19:56 - 2015-08-23 19:01 - 0000300 _____ () C:\Users\wesley\AppData\Local\Firefox .lnk
2015-07-27 19:56 - 2015-07-27 19:56 - 0001131 _____ () C:\Users\wesley\AppData\Local\Iexplore .lnk
2015-06-20 23:11 - 2015-06-20 23:11 - 0000000 _____ () C:\Users\wesley\AppData\Local\{7B53B28E-B128-4617-9F90-912BA226D641}
2012-03-17 01:41 - 2012-03-17 01:41 - 0000000 _____ () C:\ProgramData\1e949e4757c1991f96d5b483820aeff5_c
 
Some files in TEMP:
====================
2014-02-24 15:22 - 2014-02-24 15:26 - 19440272 _____ () C:\Users\wesley\AppData\Local\Temp\BullGuard Internet Security Setup.exe
2017-04-24 08:55 - 2016-04-26 15:37 - 0246808 _____ (BlueStack Systems) C:\Users\wesley\AppData\Local\Temp\HD-Logger-Native.dll
2017-04-24 08:55 - 2016-04-26 15:39 - 0128536 _____ (BlueStack Systems) C:\Users\wesley\AppData\Local\Temp\HD-ShortcutHandler.dll
2016-07-07 22:56 - 2017-01-02 23:10 - 0027411 _____ () C:\Users\wesley\AppData\Local\Temp\i4jdel0.exe
2017-01-02 23:10 - 2017-01-02 23:10 - 0027411 _____ () C:\Users\wesley\AppData\Local\Temp\i4jdel1.exe
2016-07-07 22:59 - 2016-07-07 22:59 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-2462961996123452137.dll
2016-07-07 22:55 - 2016-07-07 22:55 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-2801229427991477087.dll
2016-07-07 22:35 - 2016-07-07 22:35 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-3735828299792178004.dll
2016-07-07 22:57 - 2016-07-07 22:57 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-5645332855371085009.dll
2017-04-24 08:48 - 2017-04-24 08:48 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-5968023056993654973.dll
2016-07-07 22:55 - 2016-07-07 22:55 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-6141804168443416600.dll
2016-07-07 22:47 - 2016-07-07 22:47 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-7916312059082348257.dll
2017-02-26 11:29 - 2017-02-26 11:29 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-7966270796782146389.dll
2016-07-07 22:56 - 2016-07-07 22:56 - 0017408 ____N (Red Hat®, Inc.) C:\Users\wesley\AppData\Local\Temp\jansi-32-8355651005014602699.dll
2017-04-24 08:55 - 2016-04-26 05:11 - 0552472 _____ (BlueStack Systems, Inc.) C:\Users\wesley\AppData\Local\Temp\uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-04-10 18:12
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:30 AM

Posted 25 April 2017 - 07:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar tool one more time.
Post a Fresh FRST log and include the Addition.txt file that was created by running this tool.

Please post the logs.

Wait for further instructions.

p.s.
Do you have the Installation disk fo the Windows 10 Update?
==============================

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:30 AM

Posted 30 April 2017 - 08:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users