Code:
HitmanPro 3.7.9.232
www.hitmanpro.com
Computer name . . . . : GARY-PC
No threats found by HitmanPro.
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Gary-PC\Gary
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-12-04 20:53:01
Scan mode . . . . . . : Normal
Scan duration . . . . : 16m 1s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 22
Objects scanned . . . : 2,544,925
Files scanned . . . . : 125,643
Remnants scanned . . : 614,560 files / 1,804,722 keys
Suspicious files ____________________________________________________________
C:\Users\Gary\Documents\Desktop\FRST64.exe
Size . . . . . . . : 2,117,120 bytes
Age . . . . . . . : 1.4 days (2014-12-03 10:45:14)
Entropy . . . . . : 7.5
SHA-256 . . . . . : E1ED88101A9684F15DC44DF32A3E6122EA5CF137F6938EE7E5824EF14DB3135C
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-4182513893-1721642328-4106206644-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Gary\Documents\Desktop\FRST64.exe
Forensic Cluster
0.0s C:\Users\Gary\Documents\Desktop\FRST64.exe
3.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{665B722D-92F9-4A19-8EA7-4D667D627141}
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
Cookies _____________________________________________________________________
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com