[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : MARCIN-KOMPUTER
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Marcin-Komputer\Marcin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-06-03 15:14:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 54s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 3

   Objects scanned . . . : 1 708 283
   Files scanned . . . . : 24 960
   Remnants scanned . . : 364 504 files / 1 318 819 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B6C9E0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA80049FD2C0 +0

   Solution
      DriverObject . . . : FFFFFA8004B6C9E0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF88000C7C4D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Marcin\Downloads\FRST64.exe
      Size . . . . . . . : 2 383 872 bytes
      Age . . . . . . . : 0.2 days (2016-06-03 09:56:04)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 68D3444DC8EED7750F78DB574D0714A4811794E9A57AE09D259711ED79A431EA
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -11.1s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06689aae78391fdb06b45cd3b6e5df69_d43581cd-162b-4e25-8d1e-0d4d2749eff0
          -6.3s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7579723add7a05f530818c2dae84cd5_d43581cd-162b-4e25-8d1e-0d4d2749eff0
          -4.6s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\61c74195a1ac27b426565d3b6b44cf8b_d43581cd-162b-4e25-8d1e-0d4d2749eff0
          -3.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0e497ad3a195d8ae037df8550ef1bdc8_d43581cd-162b-4e25-8d1e-0d4d2749eff0
          -1.5s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd4698c5601e7825b8fc505444b20956_d43581cd-162b-4e25-8d1e-0d4d2749eff0
           0.0s C:\Users\Marcin\Downloads\FRST64.exe

Potential Unwanted Programs _________________________________________________

   search.conduit.com
      C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Web Data
   trovi.search
      C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Web Data
[/code]