[code]
HitmanPro 3.8.16.310
www.hitmanpro.com

   Computer name . . . . : PPP-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X86/4
   User name . . . . . . : ppp-Komputer\ppp
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2020-01-04 15:17:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 30m 19s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 31

   Objects scanned . . . : 1 773 342
   Files scanned . . . . : 78 429
   Remnants scanned . . : 477 963 files / 1 216 950 keys

Suspicious files ____________________________________________________________

   C:\Users\ppp\Documents\Downloads\FRST.exe
      Size . . . . . . . : 2 000 896 bytes
      Age . . . . . . . : 2.8 days (2020-01-01 19:35:35)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 82EF2A3D495DABE5682139B6A101EFDAFDA60DACAA192518FA086E295C90176A
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -35.9s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\00aa7d3ff3fbfb73_0
         -35.9s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\b5d4adc0124e78fa_0
         -12.5s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -12.5s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
         -12.2s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -12.2s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
         -11.9s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\623b76f8779732aa00420cdabcce16b4_85e4d009-b199-4d68-a130-1de29bde5e2c
         -10.4s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_295EA7BDB9C67DAFB62F797DED492767
         -10.4s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_295EA7BDB9C67DAFB62F797DED492767
         -10.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6594041072122ff91e1c50a997cc241c_85e4d009-b199-4d68-a130-1de29bde5e2c
         -9.0s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\dacd5c00ec52541f_0
         -9.0s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\e41575d3d548c5cf_0
         -8.9s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\45147588a9ddec37_0
         -8.1s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
         -8.1s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
         -7.8s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\8e38fdf04e6e02d2_0
         -7.8s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C7BFCCBC907B3655E99AFBD4A1224793
         -7.8s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C7BFCCBC907B3655E99AFBD4A1224793
         -7.8s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\554682c70d4348e87d56caccc97341fe_85e4d009-b199-4d68-a130-1de29bde5e2c
         -7.8s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
         -7.8s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
         -7.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aaaf297bb5ff793843a3ab58edaa7811_85e4d009-b199-4d68-a130-1de29bde5e2c
         -6.9s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\490e7d2c5f0fc433_0
         -6.8s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\d1581c5a3230a71c_0
         -6.6s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\0e444310a70a33eb_0
         -6.6s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\e26c765fcf714829_0
         -6.5s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\a13cb5812f66369a_0
         -6.5s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\1d6c99b4f568206d_0
         -4.6s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\cf96d3c30a43f719_0
         -4.6s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\ee449e9dc0466458_0
         -4.2s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_5FDD03068CBBD8A96F3AB9595BA10093
         -4.2s C:\Users\ppp\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_5FDD03068CBBD8A96F3AB9595BA10093
         -0.3s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\LOG.old
         -0.3s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\LOG
         -0.3s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\LOCK
         -0.3s C:\Users\ppp\AppData\Local\AVAST Software\Browser\User Data\Default\CURRENT
         0.0s C:\Users\ppp\Documents\Downloads\FRST.exe
         0.0s C:\Users\ppp\Documents\Downloads\

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)
   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine.1.0\ (BoxoreOU)
   HKLM\SOFTWARE\Classes\Software.OneClickProcessLauncherMachine\ (BoxoreOU)
   HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32\ (ByteFence)
   HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS\ (ByteFence)
   HKLM\SOFTWARE\SlimWare Utilities Inc\ (SlimCleanerPlus)
   HKLM\SOFTWARE\SlimWare Utilities Inc\MachineID (SlimCleanerPlus)
   HKLM\SOFTWARE\SlimWare Utilities Inc\tbInstallationSessionID (SlimCleanerPlus)
   HKLM\SOFTWARE\SlimWare Utilities, Inc.\ (SlimCleanerPlus)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Reason\ReasonByteFence\ (ByteFence)
   HKLM\SYSTEM\ControlSet003\services\eventlog\Reason\ReasonByteFence\ (ByteFence)
   HKLM\SYSTEM\ControlSet004\services\eventlog\Reason\ReasonByteFence\ (ByteFence)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Reason\ReasonByteFence\ (ByteFence)
   HKU\S-1-5-21-2252132449-3646690567-3808692471-1000\Software\ProductSetup\1I1T1Q1S\ (TreasureTrack)
   HKU\S-1-5-21-2252132449-3646690567-3808692471-1000\Software\SlimWare Utilities Inc\ (SlimCleanerPlus)
   HKU\S-1-5-21-2252132449-3646690567-3808692471-1000\Software\SlimWare Utilities Inc\tbInstallationSessionID (SlimCleanerPlus)

Cookies _____________________________________________________________________

   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\ppp\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
[/code]