[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DELLIK
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Dellik\Ola
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-01-05 20:21:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 45s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 43

   Objects scanned . . . : 2 085 171
   Files scanned . . . . : 63 305
   Remnants scanned . . : 517 380 files / 1 504 486 keys

Suspicious files ____________________________________________________________

   C:\Users\Ola\Desktop\FRST\FRST64.exe
      Size . . . . . . . : 2 418 176 bytes
      Age . . . . . . . : 2.0 days (2017-01-03 19:15:58)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7B1EAFF262CB947F39609AA61124E60FD28DCD3CCD592DA5826588D3ECDA1E8F
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}\ (Jotzey)

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
   HKU\S-1-5-21-1190775597-3038459951-4028443085-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1190775597-3038459951-4028443085-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-1190775597-3038459951-4028443085-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-1190775597-3038459951-4028443085-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)

Cookies _____________________________________________________________________

   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:3135740712.log.optimizely.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:addthis.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:adform.net
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:adnxs.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:adsrvr.org
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:agkn.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:atdmt.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:bidswitch.net
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:bluekai.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:crwdcntrl.net
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:doubleclick.net
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:dynamicyield.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:liverail.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:mathtag.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:mookie1.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:openx.net
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:rlcdn.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:scorecardresearch.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:sitescout.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:smartadserver.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:tradedoubler.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:turn.com
   C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\0gjt6u80.default-1483550926526\cookies.sqlite:www.googleadservices.com
[/code]