Code:
HitmanPro 3.8.0.295
www.hitmanpro.com
Computer name . . . . : DRAGON
Windows . . . . . . . : 10.0.0.17134.X64/8
User name . . . . . . : Dragon\Chuck
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2018-10-26 18:15:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 9s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 12
Objects scanned . . . : 3,136,579
Files scanned . . . . : 158,057
Remnants scanned . . : 845,901 files / 2,132,621 keys
Suspicious files ____________________________________________________________
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\dll\wc002343.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:17:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
Size . . . . . . . : 963,808 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:04:28)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 974,424 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:20)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E3050D29EB6CF5038F6723A7CD3D8C56D7334FF5B26237654FBAED56B3CF90F9
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\pbsv.dll
Size . . . . . . . : 479,454 bytes
Age . . . . . . . : 1480.7 days (2014-10-07 01:22:32)
Entropy . . . . . : 7.0
SHA-256 . . . . . : 8A9AFCB32C8005FA7EC39230FFA05D331627FD83A9A58FC17B3D3E639B29DC7E
Fuzzy . . . . . . : 25.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139,264 bytes
Age . . . . . . . : 1485.8 days (2014-10-01 23:01:17)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 641F3F332133540A507F1A6FDD59DC4D9356920F28C0AAEF152D1F727308D04C
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953,886 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Chuck\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138,032 bytes
Age . . . . . . . : 1526.1 days (2014-08-22 15:57:15)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Chuck\Desktop\FRST64.exe
Size . . . . . . . : 2,414,592 bytes
Age . . . . . . . : 1.3 days (2018-10-25 12:12:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 5877A3EB21455DB627B824950727390F74BE4984CE928B92003013359C1A92E1
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Profile 1\000026.ldb
0.0s C:\Users\Chuck\Desktop\FRST64.exe
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
Coupon bar is a bit weird. I don't use Edge or IE. I did the reset though before I ran that scan.