HitmanPro 3.7.9.234
www.hitmanpro.com
Computer name . . . . : WORKLAXIA-FACT
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : WORKLAXIA-FACT\WORKLAXIA
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2015-02-05 12:20:07
Scan mode . . . . . . : Normal
Scan duration . . . . : 17m 2s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 10
Objects scanned . . . : 2.127.841
Files scanned . . . . : 49.980
Remnants scanned . . : 631.657 files / 1.446.204 keys
Suspicious files ____________________________________________________________
C:\Users\WORKLAXIA\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 963.808 bytes
Age . . . . . . . : 491.2 days (2013-10-02 07:07:54)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\WORKLAXIA\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 963.808 bytes
Age . . . . . . . : 491.2 days (2013-10-02 07:07:54)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 606BF35587821588DF7788E9265CEA593E832F8F048BDAD480E8BFF45E52A60D
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\WORKLAXIA\AppData\Local\PunkBuster\BF4\pb\pbsv.dll
Size . . . . . . . : 472.492 bytes
Age . . . . . . . : 491.2 days (2013-10-02 07:08:28)
Entropy . . . . . : 7.0
SHA-256 . . . . . : C59BDB02CFA466C8A77FC3ADB3DEC1359388B4F0F53826C84A7C676235D31539
Fuzzy . . . . . . : 25.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\WORKLAXIA\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139.552 bytes
Age . . . . . . . : 491.2 days (2013-10-02 07:09:36)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Windows\SysWOW64\SPLITTER.OCX
Size . . . . . . . : 163.096 bytes
Age . . . . . . . : 1583.8 days (2010-10-05 17:43:15)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 9BFBDE0218F42DBAF221F2DA064C4A80C1420781EE5D3DDB52CE498410C591EC
Product . . . . . : ActiveThreed
Publisher . . . . : Sheridan Software Systems, Inc.
Description . . . : SSSplitter ActiveX Control
Version . . . . . : 2.01.0012
Copyright . . . . : Copyright(c) 1991-1997 Sheridan Software Systems, Inc.
RSA Key Size . . . : 512
LanguageID . . . . : 1033
Authenticode . . . : Self-signed
Fuzzy . . . . . . : 26.0
Program is code signed with a weak certificate. This is common to malware.
Program is code self-signed.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
C:\Windows\SysWOW64\SSLstBar.ocx
Size . . . . . . . : 233.760 bytes
Age . . . . . . . : 1583.8 days (2010-10-05 17:43:22)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 4585F4156D180C67B553DCCC55C0EE71FDB8BDE1DF4D99D67A6FDD7142FFD302
Product . . . . . : ActiveListBar
Publisher . . . . : Sheridan Software Systems, Inc.
Description . . . : ActiveListbar Control
Version . . . . . : 1.0.0024
Copyright . . . . : Copyright(c) 1997 Sheridan Software Systems, Inc.
RSA Key Size . . . : 512
LanguageID . . . . : 1033
Authenticode . . . : Self-signed
Fuzzy . . . . . . : 26.0
Program is code signed with a weak certificate. This is common to malware.
Program is code self-signed.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Potential Unwanted Programs _________________________________________________
C:\Users\WORKLAXIA\AppData\Roaming\Mobogenie\ (Rocketfuel) -> Deleted
HKU\S-1-5-21-1215671620-2672508756-1422277463-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey) -> Deleted
Cookies _____________________________________________________________________
C:\Users\WORKLAXIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\WORKLAXIA\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com