It's possible,
Quote:
I was thinking it was some chrome extension.
Make sure to follow through and reset Google Chrome.
Code:
HitmanPro 3.8.0.295
www.hitmanpro.com
Computer name . . . . : DRAGON
Windows . . . . . . . : 10.0.0.17134.X64/8
User name . . . . . . : Dragon\Chuck
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2018-10-26 18:15:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 9s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 12
Objects scanned . . . : 3,136,579
Files scanned . . . . : 158,057
Remnants scanned . . : 845,901 files / 2,132,621 keys
Suspicious files ____________________________________________________________
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\dll\wc002343.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
Size . . . . . . . : 963,808 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:04:28)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:20)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbsv.dll
Size . . . . . . . : 479,454 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:32)
Entropy . . . . . : 7.0
SHA-256 . . . . . : 8A9AFCB32C8005FA7EC39230FFA05D331627FD83A9A58FC17B3D3E639B29DC7E
Fuzzy . . . . . . : 25.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 1485.8 days (2014-10-01 23:01:17)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 641F3F332133540A507F1A6FDD59DC4D9356920F28C0AAEF152D1F727308D04C
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138,032 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:15)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\Desktop\FRST64.exe
Size . . . . . . . : 2,414,592 bytes
Age . . . . . . . : 1.3 days (2018-10-25 12:12:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 5877A3EB21455DB627B824950727390F74BE4984CE928B92003013359C1A92E1
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\000026.ldb
0.0s C:\Users\Chuck\Desktop\FRST64.exe
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
Coupon bar is a bit weird. I don't use Edge or IE. I did the reset though before I ran that scan.
I don't want to jinx it just yet but I think the rest of the browsers may have worked. I'll give it another day and let ya know. In the meantime, much appreciated. I will be saving this entire post for future reference.
AdwCleaner should have taken out coupon bar.
Did you allow HitMan Pro to remove what it found?
Are you still having the same issues?
Upload a file on VirusTotal
Virus Total (Recommended)
- Open your favorite web browser, and go to virustotal.com
- From there, click on the Select a file button and wait for the Windows Explorer to open
- Browse to the file below, select it and click on Open
Code:
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
- Once done, click on the Analyze button
- If you get a message that the file was already analyzed, click on the Re-analyze button
- At the end of the analysis, copy and paste the VirusTotal report URL in your next reply
Also
If you don't have an ad blocker installed I suggest you use Adblock Plus. Once installed click on its ABP icon at the top of the browser(s) and choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.
- Adblock Plus :: Add-ons for Firefox
- Adblock Plus - Chrome Web Store
- Adblock Plus for IE
- Adblock Plus for Edge browser
Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game in over a year so I should really just install it all.
Yeah I wanted to give it a day but whatever it is it's gone. And I have adblock installed. Do you still want me to scan the punkbuster file? I've not played the game it's for in over a year so I should really just uninstall it all.
**Did not see a way to edit the last post???
It's up to you if you want to uninstall it.....
What I wouldn't want, and I did not check, if it has an auto-updater or not.
If the ad is gone, and you reset Google Chrome, I think that is our answer. My thought is, it was attached to an extension.
Or it could have come in by exploiting a very outdated version of Java...
Why, when, where, who's guess
Let me know if you're ready to remove tools and quarantine folders.
Ready. Sorry had some family issues come up. PC has been off since, but the good news is still no more pop up.
Not a problem.
DelFix
- Please download DelFix or from Here and save the file to your Desktop.
- Double-click DelFix.exe to run the programme.
- Place a checkmark next to the following items:
  - Activate UAC
  - Remove disinfection tools
- Click the Run button.
This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
************************************
- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP
Keeping your programs up-to-date
Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.
- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
- Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
- Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
Thanks again man. Everything is back to the way it should be. I was at my wits end on this. I will save this thread for a long time.