[code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DJTEDEXSTUDIO Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : DjTedexStudio\Dj Tedex Studio UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-12-15 15:53:42 Scan mode . . . . . . : Normal Scan duration . . . . : 19m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 15 Traces . . . . . . . : 80 Objects scanned . . . : 2 467 965 Files scanned . . . . : 133 162 Remnants scanned . . : 879 984 files / 1 454 819 keys Malware _____________________________________________________________________ C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 14428-traktor-t-40m Vigero (rusty).exe Size . . . . . . . : 7 429 548 bytes Age . . . . . . . : 476.8 days (2014-08-25 20:10:42) Entropy . . . . . : 8.0 SHA-256 . . . . . : 33DC4032DBE729FEF6265EAF65413A2103E26A6D8F905237D5E3C8789CBF1014 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 14428-traktor-t-40m Vigero (rusty).lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 18000-bmw-750li-2013 PMP 600.exe Size . . . . . . . : 7 123 542 bytes Age . . . . . . . : 476.8 days (2014-08-25 20:10:28) Entropy . . . . . : 8.0 SHA-256 . . . . . : 54312FC5CC87E1033C683B08E2ECAB0433895CAE1D14BA0CDFFBC2D2013A3949 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 18000-bmw-750li-2013 PMP 600.lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 23928-honda-cbr-600rr NRG 900.exe Size . . . . . . . : 6 771 725 bytes Age . . . 
. . . . : 479.9 days (2014-08-22 18:38:30) Entropy . . . . . : 8.0 SHA-256 . . . . . : BEA221554F9319BA57CC079C03683D7AF33975C3704D29A2181D1F213D3A61C6 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 23928-honda-cbr-600rr NRG 900.lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 26625-mercedes-benz-g65-2013-amg Patriot.exe Size . . . . . . . : 7 019 516 bytes Age . . . . . . . : 476.8 days (2014-08-25 20:07:17) Entropy . . . . . : 8.0 SHA-256 . . . . . : 8EA087237932C9FC6D922E4F5A39642237002D52B15D894D8C9BDEEC4F58F456 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 26625-mercedes-benz-g65-2013-amg Patriot.lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 28749-bmw-x5-48is-v1 Rebla.exe Size . . . . . . . : 6 872 760 bytes Age . . . . . . . : 479.9 days (2014-08-22 18:23:32) Entropy . . . . . : 8.0 SHA-256 . . . . . : 8B8110C8C77C45E651296FC17D7929209480D036DA22F7D776CC27A7C5C035B4 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 28749-bmw-x5-48is-v1 Rebla.lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 29162-bmw-m5-2012 Admiral.exe Size . . . . . . . : 6 621 553 bytes Age . . . . . . . : 479.9 days (2014-08-22 18:17:02) Entropy . . . . . : 8.0 SHA-256 . . . . . : 618C6C0E9270BE9202D70152A4A94D605433ACFDD92E55D95427E00424551BE0 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . 
: 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 29162-bmw-m5-2012 Admiral.lnk C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\www.gtavicecity.ru\Uninstall 35516-snajperska-vintovka-ai-awm M40A1.exe Size . . . . . . . : 6 181 326 bytes Age . . . . . . . : 479.9 days (2014-08-22 18:34:32) Entropy . . . . . : 8.0 SHA-256 . . . . . : 5AD19A5A7FF95A9A1FF18F767DADC750F066C763EAC0D3828A15117FE96A8919 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Rubar.ht Fuzzy . . . . . . : 101.0 References C:\Users\Dj Tedex Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru\Uninstall 35516-snajperska-vintovka-ai-awm M40A1.lnk C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9\upgrade.exe Size . . . . . . . : 1 152 007 bytes Age . . . . . . . : 0.9 days (2015-12-14 19:10:39) Entropy . . . . . : 6.8 SHA-256 . . . . . : 70A711863C763F2DE63620C92B2CB1449DBBADA5C408AE0845762453771B8B9C > Bitdefender . . . : Trojan.GenericKD.2926586 Fuzzy . . . . . . : 108.0 Forensic Cluster -12.3s C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9\ 0.0s C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9\upgrade.exe C:\Ross-Tech\VCDS-Lite\loader.exe Size . . . . . . . : 199 168 bytes Age . . . . . . . : 49.8 days (2015-10-26 21:26:53) Entropy . . . . . : 8.0 SHA-256 . . . . . : CAD4950C9C0B7473B001C6DCC2401E2B36911BC7B2C4A043BC83158BFAFA9B9D > HitmanPro . . . . : Malware Fuzzy . . . . . . : 106.0 References C:\Users\Dj Tedex Studio\Desktop\VCDS-Lite.lnk C:\Users\Dj Tedex Studio\AppData\Local\NVIDIA\NvBackend\StreamingAssets\sniper_elite_3\automated_launch.exe Size . . . . . . . : 46 592 bytes Age . . . . . . . : 273.0 days (2015-03-17 15:18:26) Entropy . . . . . : 5.2 SHA-256 . . . . . : C2436FAE74C8700B906D77C9C8E55F5A11FE49563C2D95B363E6B17500B5BEDB Product . . . . . : OL LanguageID . . . . 
: 0 > Bitdefender . . . : Trojan.GenericKD.2079543 Fuzzy . . . . . . : 106.0 C:\Users\Dj Tedex Studio\Desktop\Inne\crack\aktywator.exe Size . . . . . . . : 9 458 428 bytes Age . . . . . . . : 827.1 days (2013-09-09 13:45:35) Entropy . . . . . : 8.0 SHA-256 . . . . . : 60CA507EF4BA7DBBB7EF6EA4B975B9B09A24D7D0C91D38D0876331203F962D98 Product . . . . . : Chew-WGA v0.9 Publisher . . . . : Anemeros Software Description . . . : The Perpetuation Endeavor Version . . . . . : 0.9.0.0 Copyright . . . . : Copyright (c) 2009 - Anemeros Software LanguageID . . . . : 1033 > Kaspersky . . . . : HackTool.Win32.WinCred.b Fuzzy . . . . . . : 103.0 C:\Users\Dj Tedex Studio\Desktop\Programy\LOIC.exe Size . . . . . . . : 134 144 bytes Age . . . . . . . : 538.8 days (2014-06-24 20:05:43) Entropy . . . . . : 7.5 SHA-256 . . . . . : 1D5FC634F976DC3C3F339E46365AF78940CB1F49CAA46E76E70F7C6CE8DAD089 Product . . . . . : Low Orbit Ion Cannon LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 114.0 C:\Users\Dj Tedex Studio\Documents\My Games\FarmingSimulator2015\SaveGameEditor.exe Size . . . . . . . : 105 984 bytes Age . . . . . . . : 337.8 days (2015-01-11 19:32:20) Entropy . . . . . : 7.7 SHA-256 . . . . . : 893C1B0A6F1FA5E02EA6C008218F743844F9D3769DD5F17EB9092A0D11A3FD60 Product . . . . . : SaveGameEditor LanguageID . . . . : 0 > Bitdefender . . . : Gen:Variant.Kazy.534233 Fuzzy . . . . . . : 114.0 C:\Users\Dj Tedex Studio\Downloads\sony vegas pro 13 0 428\Keygen.exe Size . . . . . . . : 4 002 304 bytes Age . . . . . . . : 167.8 days (2015-06-30 20:31:53) Entropy . . . . . : 7.9 SHA-256 . . . . . : 070D93A1442F2F4B0C1D248CB43EB2372900FFB83877BC7B2F392EC5713DFB08 > Bitdefender . . . : Application.Keygen.EZ Fuzzy . . . . . . : 114.0 D:\Cinema 4D R15\Keygen\mc4dr15.exe Size . . . . . . . : 96 256 bytes Age . . . . . . . : 748.9 days (2013-11-26 17:24:48) Entropy . . . . . : 6.1 SHA-256 . . . . . 
: 5108ECECD4B593BDBD83D1A2C7BABF91897D2E56A01C803A63B7ECE62EBB5342 > Bitdefender . . . : Gen:Trojan.Heur.PT.fmW@aehYxJji Fuzzy . . . . . . : 111.0 References HKU\S-1-5-21-2930414122-1855830695-2752083529-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\Cinema 4D R15\Keygen\mc4dr15.exe Suspicious files ____________________________________________________________ C:\Program Files (x86)\Cities Skylines\Cities.exe Size . . . . . . . : 18 656 544 bytes Age . . . . . . . : 275.1 days (2015-03-15 12:56:26) Entropy . . . . . : 6.6 SHA-256 . . . . . : BBEDCF27C7FAA8677DB9CFA6DB9A8D6B51D38FEFCD5F8E250CEE2F8228E402D6 Version . . . . . : 5.0.0.11855607 RSA Key Size . . . : 2048 Authenticode . . . : Invalid Fuzzy . . . . . . : 23.0 Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. Authors name is missing in version info. This is not common to most programs. References HKU\S-1-5-21-2930414122-1855830695-2752083529-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files (x86)\Cities Skylines\Cities.exe C:\Program Files\PowerDataRecovery\powerdatarecovery.exe Size . . . . . . . : 4 152 216 bytes Age . . . . . . . : 99.9 days (2015-09-06 19:02:55) Entropy . . . . . : 7.2 SHA-256 . . . . . : 5A1E535EB9C8AB311FBC540575EA9B99844B28D851286ADB39BACE319E90C42E Product . . . . . : MiniTool Power Data Recovery V7.0 Publisher . . . . : MiniTool Solution Ltd. Description . . . : MiniTool Power Data Recovery V7.0 Version . . . . . : 7.0 Copyright . . . . : Copyright (C) 2006 - 2015, MiniTool Solution Ltd., All rights reserved. RSA Key Size . . . : 2048 LanguageID . . . . : 1033 Authenticode . . . : Invalid Fuzzy . . . . . . : 24.0 Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. 
This is not typical for most programs. References C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0\MiniTool Power Data Recovery 7.0.lnk C:\Users\Public\Desktop\MiniTool Power Data Recovery 7.0.lnk HKU\S-1-5-21-2930414122-1855830695-2752083529-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\PowerDataRecovery\powerdatarecovery.exe C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\AAV3\pb\pbcl.dll Size . . . . . . . : 976 376 bytes Age . . . . . . . : 453.1 days (2014-09-18 12:44:05) Entropy . . . . . : 7.6 SHA-256 . . . . . : AD673B83C5FAAD655A005CA487B004AAD182BF1656C2889C3491C927A59B197B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\AAV3\pb\pbcls.dll Size . . . . . . . : 976 376 bytes Age . . . . . . . : 453.1 days (2014-09-18 12:44:06) Entropy . . . . . : 7.6 SHA-256 . . . . . : AD673B83C5FAAD655A005CA487B004AAD182BF1656C2889C3491C927A59B197B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. 
This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\AAV3\pb\PnkBstrK.sys Size . . . . . . . : 140 952 bytes Age . . . . . . . : 453.1 days (2014-09-18 12:55:55) Entropy . . . . . : 7.7 SHA-256 . . . . . : C16149FB549D5C4522B8025893EFFA0D11BECAF4356977AFA72F576AE120E922 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\APB\pb\pbcl.dll Size . . . . . . . : 953 905 bytes Age . . . . . . . : 562.0 days (2014-06-01 15:42:40) Entropy . . . . . : 7.6 SHA-256 . . . . . : 9A5BDD44D0817FE21A154412B5989E157455BC24ADBCB238376F73FCEFB14696 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys Size . . . . . . . : 139 904 bytes Age . . . . . . . : 562.0 days (2014-06-01 15:42:54) Entropy . . 
. . . : 7.8 SHA-256 . . . . . : 5FFC3A37106249E619700B233D73AC3024B5902A76A6FCEA687B7123DD8D68AD RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll Size . . . . . . . : 963 480 bytes Age . . . . . . . : 553.9 days (2014-06-09 18:10:33) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll Size . . . . . . . : 969 032 bytes Age . . . . . . . : 533.9 days (2014-06-29 18:18:43) Entropy . . . . . : 7.6 SHA-256 . . . . . 
: FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll Size . . . . . . . : 1 014 616 bytes Age . . . . . . . : 445.9 days (2014-09-25 19:01:21) Entropy . . . . . : 7.6 SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 878.8 days (2013-07-19 19:44:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. 
This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 865.9 days (2013-08-01 19:27:26) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 878.8 days (2013-07-19 19:39:12) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. 
This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys Size . . . . . . . : 139 424 bytes Age . . . . . . . : 878.8 days (2013-07-19 19:40:26) Entropy . . . . . : 7.8 SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\FC3\pb\pbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 918.9 days (2013-06-09 18:44:18) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\FC3\pb\pbcls.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 918.9 days (2013-06-09 18:44:18) Entropy . . . 
. . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 918.9 days (2013-06-09 18:44:29) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll Size . . . . . . . : 956 648 bytes Age . . . . . . . : 925.0 days (2013-06-03 14:52:08) Entropy . . . . . : 7.6 SHA-256 . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . 
: 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll Size . . . . . . . : 956 648 bytes Age . . . . . . . : 925.0 days (2013-06-03 16:40:49) Entropy . . . . . : 7.6 SHA-256 . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll Size . . . . . . . : 956 648 bytes Age . . . . . . . : 925.0 days (2013-06-03 14:45:33) Entropy . . . . . : 7.6 SHA-256 . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. 
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Dj Tedex Studio\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys Size . . . . . . . : 139 648 bytes Age . . . . . . . : 925.0 days (2013-06-03 14:46:00) Entropy . . . . . : 7.8 SHA-256 . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. 
Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\AppID\{0d4c9d4a-dd25-410b-a716-cbd8a7d26ead}\ (HighStairs) HKLM\SOFTWARE\Classes\AppID\{11784ced-2a34-4674-a542-48e7269276aa}\ (HighStairs) HKLM\SOFTWARE\Classes\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}\ (FilterResults) HKLM\SOFTWARE\Classes\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}\ (FilterResults) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{0d4c9d4a-dd25-410b-a716-cbd8a7d26ead}\ (HighStairs) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{11784ced-2a34-4674-a542-48e7269276aa}\ (HighStairs) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{c9382aa4-b6b9-4e63-a13b-53061dd7fddf}\ (FilterResults) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{cd5da489-3013-4cd1-be62-f18393deab33}\ (FilterResults) HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart) HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart) HKLM\SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc\ (AirZip) HKLM\SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc\ (AirZip) HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc\ (AirZip) Cookies _____________________________________________________________________ C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User Data\Default\Cookies:pagefair.com C:\Users\Dj Tedex Studio\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:scorecardresearch.com [/code]