[code]
   HitmanPro 3.7.9.216
   www.hitmanpro.com

   Computer name . . . . : RUDY
   Windows . . . . . . . : 6.3.0.9600.X64/6
   User name . . . . . . : RUDY\rudy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-05-05 13:17:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 8s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces . . . . . . . : 69

   Objects scanned . . . : 1 807 818
   Files scanned . . . . : 65 649
   Remnants scanned . . : 533 655 files / 1 208 514 keys

Suspicious files ____________________________________________________________

   C:\Program Files (x86)\DFX\DFX.exe
      Size . . . . . . . : 1 274 840 bytes
      Age . . . . . . . : 257.8 days (2013-08-20 19:03:18)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : 7AA9C080C3CAD1B81ADDDE94C3C9B43CA8F95EB3A3F59926189666C0F934F695
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Running processes : 7196
      Fuzzy . . . . . . : 24.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is in use by one or more active processes.
         The file appears to be part of an installation package or setup program. This is typical for most programs.
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer\DFX.lnk

Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey) -> Deleted

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Systweak\RegClean Pro\ (RegClean Pro) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}\ (FLV Player) -> Deleted
   HKU\S-1-5-21-97013743-367271117-1749945917-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
   HKU\S-1-5-21-97013743-367271117-1749945917-1001\Software\Optimizer Pro\ (PCOptimizerPro) -> Deleted

Repairs _____________________________________________________________________

   hosts
      C:\WINDOWS\system32\drivers\etc\

Cookies _____________________________________________________________________
[/code]