Code:
HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : GARY-PC
   No threats found by HitmanPro.
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Gary-PC\Gary
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-12-04 20:53:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 1s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 22

   Objects scanned . . . : 2,544,925
   Files scanned . . . . : 125,643
   Remnants scanned  . . : 614,560 files / 1,804,722 keys

Suspicious files ____________________________________________________________

   C:\Users\Gary\Documents\Desktop\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 1.4 days (2014-12-03 10:45:14)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : E1ED88101A9684F15DC44DF32A3E6122EA5CF137F6938EE7E5824EF14DB3135C
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-4182513893-1721642328-4106206644-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Gary\Documents\Desktop\FRST64.exe
      Forensic Cluster
         0.0s C:\Users\Gary\Documents\Desktop\FRST64.exe
         3.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{665B722D-92F9-4A19-8EA7-4D667D627141}

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)

Cookies _____________________________________________________________________

   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com