Ruby Admin
Subject: Farbar Recovery Scan tool
Sun Nov 19, 2017 2:34 pm
This tool seems to have replaced the now old HJT logs for diagnostic purposes; this link goes to a variety of information for you to read: >>> FRST tool info <<<

This link is taken from the malware circuit for your reference only.

Quote:
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Lucas (24-10-2017 22:32:44) Run:1
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas & Luucas & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User: Restriction <==== ATTENTION Toolbar: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File 2017-10-11 04:26 - 2017-10-11 04:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\BitTorrent 2017-10-11 04:14 - 2017-10-11 04:15 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG] 2017-10-11 04:12 - 2017-10-18 23:33 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT 2017-10-10 14:13 - 2017-10-10 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-10-02 14:13 - 2017-10-17 20:07 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy 2017-10-02 14:13 - 2017-10-02 14:14 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG] 2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG] 2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG] 2017-10-01 21:27 - 2017-10-03 21:36 - 000000000 ____D C:\Users\Lucas\AppData\Local\Alt1Toolkit 2017-10-01 21:27 - 2017-10-01 21:27 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps 2017-09-28 23:20 - 2017-09-28 23:21 - 000000000 ____D C:\Users\Lucas\OSBuddy 2017-09-28 16:10 - 2017-10-12 19:59 - 000000000 ____D C:\Program Files\rempl 2017-09-27 22:55 - 2017-09-27 22:55 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape 2017-09-22 04:27 - 2017-09-22 04:27 - 000000000 ____D 
C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT 2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\dcunningham.net 2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Local\dcunningham.net 2017-09-22 04:20 - 2017-09-22 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2017-09-22 04:12 - 2017-09-22 04:12 - 000000000 ____D C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM 2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN 2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10 2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\expressvpn 2017-09-21 03:13 - 2017-09-21 03:23 - 000000000 ____D C:\Users\Lucas\Desktop\Aurora-master 2017-09-19 21:32 - 2017-09-19 21:32 - 000000000 ____D C:\Users\Lucas\AppData\Local\CrashRpt Task: {07357B02-9DCB-4825-87A2-B4A76062DFB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {1924AE72-870F-47CC-B6CC-5155B913EC50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {1DC9F707-1D59-4053-9688-44F871B525CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {2C350C65-6623-45E3-B19A-51A8F5870E44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {2E530D42-E2C2-4DB8-9BB7-93975DE43405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {3AC9D602-151A-4951-B754-E60AB3B4FC09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {460DE789-B53E-4088-B913-98B86BC0FEC6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {63F9A26F-1FFE-42BF-98EC-CCBE71C65085} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D4B40063-F209-4BDF-A245-C7321220B2BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION AlternateDataStreams: C:\Users\Lucas\AppData\Local\Temp:$DATA [16] FirewallRules: [{C00B72F6-8EEE-4ABB-8731-A15C782BE72E}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6ECFC39A-264D-4098-A60D-4F61FD306929}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{40B7A2A4-831F-47A7-A22B-696C2E98A8CF}] => (Allow) ????????????????????????????e FirewallRules: [{8005D10A-1A36-4588-9189-1A08DD910AA0}] => (Allow) ??????????????????????????e FirewallRules: [{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7}] => (Allow) ???????????????????????????? FirewallRules: [{D884B386-6771-47E1-9994-217FA2526758}] => (Allow) ?????????????????????????? 
FirewallRules: [{217E358B-4D32-40C8-845D-0BE7647D1D01}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{786E5A88-6460-4530-8023-68A192053DFA}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{F9D9C4CF-D559-40AE-8C55-E29CDF13A989}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{060A6550-B73A-4A48-8C68-315EA0A13137}] => (Allow) LPort=1688
C:\Users\Lucas\AppData\LocalLow\BitTorrent
C:\Users\Lucas\AppData\Roaming\uTorrent
C:\Users\Lucas\AppData\Roaming\BitTorrent
EmptyTemp:
CMD: ipconfig /flushdns
*****************
Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User => moved successfully HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. C:\Users\Lucas\AppData\LocalLow\BitTorrent => moved successfully C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG] => moved successfully C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype => moved successfully C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy => moved successfully C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG] => moved successfully C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully C:\Users\Lucas\AppData\Local\Alt1Toolkit => moved successfully C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps => moved successfully C:\Users\Lucas\OSBuddy => moved successfully C:\Program Files\rempl => moved successfully C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape => moved successfully C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT => moved successfully C:\Users\Lucas\AppData\Roaming\dcunningham.net => moved successfully 
C:\Users\Lucas\AppData\Local\dcunningham.net => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN => moved successfully C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN => moved successfully C:\Program Files (x86)\ExpressVpn Tap Driver Win10 => moved successfully
"C:\Program Files (x86)\expressvpn" folder move:
Could not move "C:\Program Files (x86)\expressvpn" => Scheduled to move on reboot.
C:\Users\Lucas\Desktop\Aurora-master => moved successfully C:\Users\Lucas\AppData\Local\CrashRpt => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed 
successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully C:\Users\Lucas\AppData\Local\Temp => ":$DATA" ADS removed successfully. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C00B72F6-8EEE-4ABB-8731-A15C782BE72E} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6ECFC39A-264D-4098-A60D-4F61FD306929} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40B7A2A4-831F-47A7-A22B-696C2E98A8CF} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8005D10A-1A36-4588-9189-1A08DD910AA0} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D884B386-6771-47E1-9994-217FA2526758} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{217E358B-4D32-40C8-845D-0BE7647D1D01} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{786E5A88-6460-4530-8023-68A192053DFA} => value removed successfully 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9D9C4CF-D559-40AE-8C55-E29CDF13A989} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{060A6550-B73A-4A48-8C68-315EA0A13137} => value removed successfully "C:\Users\Lucas\AppData\LocalLow\BitTorrent" => not found. "C:\Users\Lucas\AppData\Roaming\uTorrent" => not found. "C:\Users\Lucas\AppData\Roaming\BitTorrent" => not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135358917 B
Java, Flash, Steam htmlcache => 519386913 B
Windows/system/drivers => 187766 B
Edge => 0 B
Chrome => 656850107 B
Firefox => 9162966 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4530 B
NetworkService => 198284 B
Lucas => 23312650163 B
purpl => 143892972 B
DefaultAppPool => 0 B

RecycleBin => 869446455 B
EmptyTemp: => 23.9 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-10-2017 22:34:14)
C:\Program Files (x86)\expressvpn => Is moved successfully
==== End of Fixlog 22:34:14 ====

But you may note the presence of BitTorrent, which is a file sharing program and one that is guaranteed to get you infected, as other information threads on this forum warn.

Whichever forum you go to to get your machine cleaned, you will need to follow exactly their specific instructions on what scans to run and how to run them.

NB Disclaimer as always: any scan you run is of course run at your own risk.