[code]
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : USER-TOSH
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : User-TOSH\Laurens
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-21 17:58:50
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 30s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces . . . . . . . : 44

   Objects scanned . . . : 1.942.239
   Files scanned . . . . : 113.704
   Remnants scanned . . : 425.746 files / 1.402.789 keys

Malware _____________________________________________________________________

   C:\Users\Laurens\Downloads\Game of Thrones - 05x02 - The House of Black and White.exe -> Quarantined
      Size . . . . . . . : 391.168 bytes
      Age . . . . . . . : 6.7 days (2015-04-15 00:34:21)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 55420F1D0C32B734F406F8C71D2CC92E4BE60BE23730B7A93E3E018319F1D4F0
    > Bitdefender . . . : Gen:Variant.Adware.Mplug.36
      Fuzzy . . . . . . : 108.0

Suspicious files ____________________________________________________________

   C:\Users\Laurens\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 697.7 days (2013-05-23 23:50:50)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Laurens\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 697.7 days (2013-05-23 23:50:51)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Laurens\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
      Size . . . . . . . : 915.149 bytes
      Age . . . . . . . : 697.7 days (2013-05-23 23:44:15)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Laurens\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age . . . . . . . : 697.7 days (2013-05-23 23:45:21)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Laurens\Downloads\FRST64.exe
      Size . . . . . . . : 2.097.664 bytes
      Age . . . . . . . : 4.1 days (2015-04-17 14:54:31)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 5E25CB59ECC2FC8A9B2B8E852A4FF11621595BA5613AD601AF63742D7EAA3353
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Cookies _____________________________________________________________________

[/code]