Sophos Scan & Clean
www.sophos.com
Computer name . . . . : BBPC
Windows . . . . . . . : 10.0.0.19042.X64/4
User name . . . . . . : BBPC\Brennan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2021-11-10 02:51:12
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 23s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 0
Traces . . . . . . . : 9
Objects scanned . . . : 3,560,428
Files scanned . . . . : 252,821
Remnants scanned . . : 1,635,891 files / 1,671,716 keys
Suspicious files ____________________________________________________________
C:\Users\Brennan\AppData\Local\PunkBuster\BF4\pb\pbcl.dll
Size . . . . . . . : 1,018,768 bytes
Age . . . . . . . : 1621.2 days (2017-06-02 22:44:30)
Entropy . . . . . : 7.6
SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Brennan\AppData\Local\PunkBuster\BF4\pb\pbcls.dll
Size . . . . . . . : 1,018,768 bytes
Age . . . . . . . : 1621.2 days (2017-06-02 22:44:30)
Entropy . . . . . : 7.6
SHA-256 . . . . . : F3A472110B8B760ECCCFFFB1821382D9E65583C5CEF460C8C92FBBCD3E8196E6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
C:\Users\Brennan\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 138,648 bytes
Age . . . . . . . : 1621.2 days (2017-06-02 22:49:30)
Entropy . . . . . : 7.7
SHA-256 . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Potential Unwanted Programs _________________________________________________
HKU\.DEFAULT\Software\iWinArcade\ (iWinToolbar) -> Deleted
HKU\S-1-5-18\Software\iWinArcade\ (iWinToolbar) -> PendingDelete
HKU\S-1-5-21-1379302413-3029893464-1618603415-1001\SOFTWARE\iWinArcade\ (iWinToolbar) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Brennan\AppData\Local\Vivaldi\User Data\Default\Cookies:dotomi.com
C:\Users\Brennan\AppData\Local\Vivaldi\User Data\Default\Cookies:emjcd.com
C:\Users\Brennan\AppData\Local\Vivaldi\User Data\Default\Cookies:linksynergy.com