[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : MINER-PBG_DAMIA
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : Miner-PBG_Damia\Damian
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-01-09 08:57:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 57s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 42

   Objects scanned . . . : 2 345 426
   Files scanned . . . . : 46 656
   Remnants scanned . . : 405 918 files / 1 892 852 keys

Suspicious files ____________________________________________________________

   C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCache\IE\L6A1SU1O\FRST64[1].exe
      Size . . . . . . . : 2 419 200 bytes
      Age . . . . . . . : 0.0 days (2017-01-09 08:28:12)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 0B4E2E914C2BE30FF539A204F1BE480058F1BDAAE2483C0C960EB4A2CFAA2C4A
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.5s C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCache\IE\0RLQ5Q3F\up64[2]
         -2.1s C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCache\IE\0RLQ5Q3F\82[1].htm
         -0.9s C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCookies\EW3NW0CN.cookie
         -0.9s C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCache\IE\ZUCCOGQ1\82[1].htm
         -0.5s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.5s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.4s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.4s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.2s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -0.2s C:\Users\Damian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         0.0s C:\Users\Damian\Downloads\FRST64.exe
         0.0s C:\Users\Damian\AppData\Local\Microsoft\Windows\INetCache\IE\L6A1SU1O\FRST64[1].exe
         2.6s C:\Users\Damian\Downloads\FRST-OlderVersion\
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638.sth
         20.1s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\
         20.2s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\manifest.json
         20.2s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\manifest.fingerprint
         20.2s C:\Users\Damian\AppData\Local\Google\Chrome\User Data\CertificateTransparency\267\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth
         20.6s C:\FRST\Logs\ct
         20.6s C:\Users\Damian\Downloads\Fixlog.txt
         22.7s C:\Windows\System32\restore\MachineGuid.txt

   C:\Users\Damian\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2 418 176 bytes
      Age . . . . . . . : 4.0 days (2017-01-05 08:35:57)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7B1EAFF262CB947F39609AA61124E60FD28DCD3CCD592DA5826588D3ECDA1E8F
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Damian\Downloads\FRST64.exe
      Size . . . . . . . : 2 419 200 bytes
      Age . . . . . . . : 0.0 days (2017-01-09 08:28:12)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 0B4E2E914C2BE30FF539A204F1BE480058F1BDAAE2483C0C960EB4A2CFAA2C4A
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________

   C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
[/code]