TSNF2


 

 Farbar Recovery Scan tool

Ruby
Admin

Post subject: Farbar Recovery Scan tool (Sun Nov 19, 2017 2:34 pm)

This tool seems to have replaced the now old HJT logs for diagnostic purposes; this link goes to a variety of information for you to read.

>>>FRST tool info<<<

This link is taken from the malware circuit for your reference only


Quote :

   Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
   Ran by Lucas (24-10-2017 22:32:44) Run:1
   Running from C:\Users\Lucas\Desktop
   Loaded Profiles: Lucas (Available Profiles: Lucas & Luucas & DefaultAppPool)
   Boot Mode: Normal
   ==============================================

   fixlist content:
   *****************
   CreateRestorePoint:

   HKLM-x32\...\Run: [] => [X]
   HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
   GroupPolicy: Restriction <==== ATTENTION
   GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User: Restriction <==== ATTENTION
   Toolbar: HKU\S-1-5-21-3154826165-2591789761-3766887662-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
   2017-10-11 04:26 - 2017-10-11 04:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\BitTorrent
   2017-10-11 04:14 - 2017-10-11 04:15 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG]
   2017-10-11 04:12 - 2017-10-18 23:33 - 000000000 ____D C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT
   2017-10-10 14:13 - 2017-10-10 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
   2017-10-02 14:13 - 2017-10-17 20:07 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy
   2017-10-02 14:13 - 2017-10-02 14:14 - 000000000 ____D C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG]
   2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG]
   2017-10-02 14:12 - 2017-10-02 14:12 - 000000000 ____D C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG]
   2017-10-01 21:27 - 2017-10-03 21:36 - 000000000 ____D C:\Users\Lucas\AppData\Local\Alt1Toolkit
   2017-10-01 21:27 - 2017-10-01 21:27 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps
   2017-09-28 23:20 - 2017-09-28 23:21 - 000000000 ____D C:\Users\Lucas\OSBuddy
   2017-09-28 16:10 - 2017-10-12 19:59 - 000000000 ____D C:\Program Files\rempl
   2017-09-27 22:55 - 2017-09-27 22:55 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
   2017-09-22 04:27 - 2017-09-22 04:27 - 000000000 ____D C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT
   2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\dcunningham.net
   2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\Lucas\AppData\Local\dcunningham.net
   2017-09-22 04:20 - 2017-09-22 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
   2017-09-22 04:12 - 2017-09-22 04:12 - 000000000 ____D C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM
   2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
   2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
   2017-09-22 04:09 - 2017-09-22 04:09 - 000000000 ____D C:\Program Files (x86)\expressvpn
   2017-09-21 03:13 - 2017-09-21 03:23 - 000000000 ____D C:\Users\Lucas\Desktop\Aurora-master
   2017-09-19 21:32 - 2017-09-19 21:32 - 000000000 ____D C:\Users\Lucas\AppData\Local\CrashRpt
   Task: {07357B02-9DCB-4825-87A2-B4A76062DFB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
   Task: {1924AE72-870F-47CC-B6CC-5155B913EC50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
   Task: {1DC9F707-1D59-4053-9688-44F871B525CF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
   Task: {2C350C65-6623-45E3-B19A-51A8F5870E44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
   Task: {2E530D42-E2C2-4DB8-9BB7-93975DE43405} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
   Task: {3AC9D602-151A-4951-B754-E60AB3B4FC09} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
   Task: {460DE789-B53E-4088-B913-98B86BC0FEC6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
   Task: {63F9A26F-1FFE-42BF-98EC-CCBE71C65085} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
   Task: {67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
   Task: {95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
   Task: {A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
   Task: {D4B40063-F209-4BDF-A245-C7321220B2BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
   AlternateDataStreams: C:\Users\Lucas\AppData\Local\Temp:$DATA [16]
   FirewallRules: [{C00B72F6-8EEE-4ABB-8731-A15C782BE72E}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{6ECFC39A-264D-4098-A60D-4F61FD306929}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe
   FirewallRules: [{40B7A2A4-831F-47A7-A22B-696C2E98A8CF}] => (Allow) ????????????????????????????e
   FirewallRules: [{8005D10A-1A36-4588-9189-1A08DD910AA0}] => (Allow) ??????????????????????????e
   FirewallRules: [{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7}] => (Allow) ????????????????????????????
   FirewallRules: [{D884B386-6771-47E1-9994-217FA2526758}] => (Allow) ??????????????????????????
   FirewallRules: [{217E358B-4D32-40C8-845D-0BE7647D1D01}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{786E5A88-6460-4530-8023-68A192053DFA}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{F9D9C4CF-D559-40AE-8C55-E29CDF13A989}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C}] => (Allow) C:\Users\Lucas\AppData\Roaming\BitTorrent\BitTorrent.exe
   FirewallRules: [{060A6550-B73A-4A48-8C68-315EA0A13137}] => (Allow) LPort=1688

   C:\Users\Lucas\AppData\LocalLow\BitTorrent
   C:\Users\Lucas\AppData\Roaming\uTorrent
   C:\Users\Lucas\AppData\Roaming\BitTorrent

   EmptyTemp:
   CMD: ipconfig /flushdns
   *****************

   Restore point was successfully created.
   HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
   HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
   C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
   C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
   C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3154826165-2591789761-3766887662-1020\User => moved successfully
   HKU\S-1-5-21-3154826165-2591789761-3766887662-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
   HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
   C:\Users\Lucas\AppData\LocalLow\BitTorrent => moved successfully
   C:\Users\Lucas\Downloads\John.Wick.2014.1080p.BluRay.AC3.x264-tomcat12[ETRG] => moved successfully
   C:\Users\Lucas\Downloads\John.Wick.Chapter.2.2017.1080p.WEB-DL.DD5.1.H264-FGT => moved successfully
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype => moved successfully
   C:\Users\Lucas\Downloads\A Day To Remember-Common Courtesy => moved successfully
   C:\Users\Lucas\Downloads\A Day To Remember - Bad Vibrations (Deluxe) (2016) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully
   C:\Users\Lucas\Downloads\NF - Therapy Session (2016)~[MP3~320kbps]~[Hunter] [FRG] => moved successfully
   C:\Users\Lucas\Downloads\NF - Mansion (2015) [MP3~320Kbps]~[Hunter] [FRG] => moved successfully
   C:\Users\Lucas\AppData\Local\Alt1Toolkit => moved successfully
   C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps => moved successfully
   C:\Users\Lucas\OSBuddy => moved successfully
   C:\Program Files\rempl => moved successfully
   C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape => moved successfully
   C:\Users\Lucas\Downloads\The.Hitmans.Bodyguard.2017.WEBRip.x264-FGT => moved successfully
   C:\Users\Lucas\AppData\Roaming\dcunningham.net => moved successfully
   C:\Users\Lucas\AppData\Local\dcunningham.net => moved successfully
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN => moved successfully
   C:\Users\Lucas\Downloads\The Hitmans Bodyguard 2017 720p BrRip x264 - CM => moved successfully
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN => moved successfully
   C:\Program Files (x86)\ExpressVpn Tap Driver Win10 => moved successfully

   "C:\Program Files (x86)\expressvpn" folder move:

   Could not move "C:\Program Files (x86)\expressvpn" => Scheduled to move on reboot.

   C:\Users\Lucas\Desktop\Aurora-master => moved successfully
   C:\Users\Lucas\AppData\Local\CrashRpt => moved successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07357B02-9DCB-4825-87A2-B4A76062DFB7} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1924AE72-870F-47CC-B6CC-5155B913EC50} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DC9F707-1D59-4053-9688-44F871B525CF} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C350C65-6623-45E3-B19A-51A8F5870E44} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E530D42-E2C2-4DB8-9BB7-93975DE43405} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AC9D602-151A-4951-B754-E60AB3B4FC09} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460DE789-B53E-4088-B913-98B86BC0FEC6} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63F9A26F-1FFE-42BF-98EC-CCBE71C65085} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67BB6B4D-9DDE-46FA-BC8A-BBA2EC185C96} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95FA2C0C-BD2D-4753-A7CB-4DC31034FED0} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6ED3CA2-3657-4391-ACBA-84ACF7A42CD0} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B40063-F209-4BDF-A245-C7321220B2BF} => key removed successfully
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
   C:\Users\Lucas\AppData\Local\Temp => ":$DATA" ADS removed successfully.
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C00B72F6-8EEE-4ABB-8731-A15C782BE72E} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A7D1A9F-D7F2-41BB-9639-FCE9FA313F5B} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9CD2F70-DB5B-4FBA-B8FC-E8678DE3622A} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D5CD6D1-A81B-4818-AB72-A9E1FCABB509} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA34AC1F-8891-4A18-BD7A-BAD675D4EDB7} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6ECFC39A-264D-4098-A60D-4F61FD306929} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40B7A2A4-831F-47A7-A22B-696C2E98A8CF} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8005D10A-1A36-4588-9189-1A08DD910AA0} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF1F10AF-D0EC-4922-BCE4-1B70682B73E7} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D884B386-6771-47E1-9994-217FA2526758} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{217E358B-4D32-40C8-845D-0BE7647D1D01} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{786E5A88-6460-4530-8023-68A192053DFA} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ABC0BFB-4987-4EE2-BF8C-C02DFF566437} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9D9C4CF-D559-40AE-8C55-E29CDF13A989} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E9D19E-7B39-4D38-8358-A1BAA11C2EE9} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C98B787-3FCA-4F37-A90E-6619EBB3AA5C} => value removed successfully
   HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{060A6550-B73A-4A48-8C68-315EA0A13137} => value removed successfully
   "C:\Users\Lucas\AppData\LocalLow\BitTorrent" => not found.
   "C:\Users\Lucas\AppData\Roaming\uTorrent" => not found.
   "C:\Users\Lucas\AppData\Roaming\BitTorrent" => not found.

   ========= ipconfig /flushdns =========


   Windows IP Configuration

   Successfully flushed the DNS Resolver Cache.

   ========= End of CMD: =========


   =========== EmptyTemp: ==========

   BITS transfer queue => 0 B
   DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135358917 B
   Java, Flash, Steam htmlcache => 519386913 B
   Windows/system/drivers => 187766 B
   Edge => 0 B
   Chrome => 656850107 B
   Firefox => 9162966 B
   Opera => 0 B

   Temp, IE cache, history, cookies, recent:
   Default => 6144 B
   Users => 0 B
   ProgramData => 0 B
   Public => 0 B
   systemprofile => 128 B
   systemprofile32 => 128 B
   LocalService => 4530 B
   NetworkService => 198284 B
   Lucas => 23312650163 B
   purpl => 143892972 B
   DefaultAppPool => 0 B

   RecycleBin => 869446455 B
   EmptyTemp: => 23.9 GB temporary data Removed.

   ================================

   Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-10-2017 22:34:14)

   C:\Program Files (x86)\expressvpn => Is moved successfully

   ==== End of Fixlog 22:34:14 ====


But you may note the presence of Bit Torrent, which is a file sharing program and one that is guaranteed to get you infected.


As other information threads on this forum warn... whichever forum you go to to get your machine cleaned, you will need to follow exactly their specific instructions on what scans to run and how to run them lol!


NB Disclaimer as always; any scan you run is of course run at your own risk.