[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : FIG-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Fig-PC\Fig
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-08-10 17:48:48
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 27s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 13

   Objects scanned . . . : 1 678 482
   Files scanned . . . . : 21 743
   Remnants scanned . . : 226 703 files / 1 430 036 keys

Malware _____________________________________________________________________

   C:\Users\Fig\Documents\BFBC2\pb\pbcl.dll
      Size . . . . . . . : 891 962 bytes
      Age . . . . . . . : 276.8 days (2015-11-07 22:00:15)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616
    > HitmanPro . . . . : App/Punkbust-B
      Fuzzy . . . . . . : 129.0

Suspicious files ____________________________________________________________

   C:\Users\Fig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ANTUED9\FRST64[1].exe
      Size . . . . . . . : 2 393 600 bytes
      Age . . . . . . . : 0.0 days (2016-08-10 17:39:18)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 36DE2F75903AA7C13C54221D043BB01424BF6AA4ADBA786366D75A70CA4C4CF7
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.1s C:\Users\Fig\AppData\Roaming\Microsoft\Windows\Cookies\XYYP968A.txt
         -1.1s C:\Users\Fig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI894AEF\82[1].htm
         -0.3s C:\Users\Fig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWX12ZW5\FRST64[1].exe
          0.0s C:\Users\Fig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ANTUED9\FRST64[1].exe
          7.8s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007f6
          7.9s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007f7
          9.0s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007f8
          9.2s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007f9
          9.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007fa
          9.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007fb
          9.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007fc
          9.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007fd
          9.9s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007fe
          9.9s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_0007ff
         10.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000800
         10.6s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000801
         11.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000802
         11.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000803
         12.1s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000804
         12.2s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000805
         12.6s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000806
         13.2s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000807
         13.6s C:\Users\Fig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI894AEF\up64[1]
         13.6s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000808
         13.7s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000809
         14.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080a
         14.8s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080b
         15.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080c
         15.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080d
         16.1s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080e
         16.1s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00080f
         16.2s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000810
         16.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000811
         16.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000812
         16.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000813
         16.7s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000814
         16.8s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000815
         16.8s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000816
         17.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000817
         17.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000818
         17.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000819
         17.6s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081a
         17.8s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081b
         29.5s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\696a57cb093a1c6249729e2deb5a354f_fbf581ae-7af6-4c4f-a1cb-5c6c7fe9675d
         30.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081c
         30.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5759238a73b198656f8b4ab04a85b546_fbf581ae-7af6-4c4f-a1cb-5c6c7fe9675d
         31.3s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081d
         31.4s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081e
         31.5s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_00081f
         31.7s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000820
         32.2s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000821
         32.7s C:\Users\Fig\AppData\Local\Opera Software\Opera Stable\Cache\f_000822
         33.1s C:\Users\Fig\AppData\Local\Temp\etilqs_bOFdWI1wfa28MmG

   C:\Users\Fig\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 962 185 bytes
      Age . . . . . . . : 31.1 days (2016-07-10 15:01:26)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Fig\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 962 185 bytes
      Age . . . . . . . : 56.0 days (2016-06-15 18:15:37)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Fig\AppData\Local\PunkBuster\BC2\pb\pbcls.dll
      Size . . . . . . . : 962 185 bytes
      Age . . . . . . . : 55.9 days (2016-06-15 19:01:12)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Fig\AppData\Local\PunkBuster\BC2\pb\PnkBstrK.sys
      Size . . . . . . . : 139 048 bytes
      Age . . . . . . . : 56.0 days (2016-06-15 18:15:49)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : A935B2B22381F56ED9F78AF35FE20333F974CB4CB1257763434B7667DE17AD57
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Fig\AppData\Local\PunkBuster\BF4\pb\dll\wc002351.dll
      Size . . . . . . . : 1 018 768 bytes
      Age . . . . . . . : 276.8 days (2015-11-07 23:30:18)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Fig\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
      Size . . . . . . . : 1 018 768 bytes
      Age . . . . . . . : 101.9 days (2016-04-30 19:06:58)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Fig\AppData\Local\PunkBuster\BF4\pb\pbclold.dll
      Size . . . . . . . : 1 018 768 bytes
      Age . . . . . . . : 276.8 days (2015-11-07 23:15:33)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Fig\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138 648 bytes
      Age . . . . . . . : 276.8 days (2015-11-07 23:15:47)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Fig\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 967 165 bytes
      Age . . . . . . . : 99.1 days (2016-05-03 16:00:48)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Fig\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 139 832 bytes
      Age . . . . . . . : 99.1 days (2016-05-03 16:01:05)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 3CB5C8CB071375FDE6E9269000B78E65DB29D585B2775E66C8B9F6E47E0012D1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

Cookies _____________________________________________________________________

   C:\Users\Fig\AppData\Roaming\Microsoft\Windows\Cookies\SNJSW3ZJ.txt
[/code]