
Infected with RocketTab

27 replies to this topic

#1 Rivix

Posted 27 August 2014 - 10:29 AM

I was infected with RocketTab and I believe I did delete it: I went into my Control Panel and deleted it, I also deleted its files in regedit, and I ran AdwCleaner (anti-virus) and nothing showed up. Now here is what I want to remove. Upon startup this is what it says: "Windows cannot find 'C:\Program Files (x86)\RocketTab\Client.exe'. Make sure you typed the name correctly, and then try again." I'd like to have it so this wouldn't pop up at startup. Adding on to that error, taskeng.exe also comes up. I've had no problems with my computer, however, but I'm still worried about this. Thank you for your help, and please help me delete this.

#2 Alex&Vanko

Posted 27 August 2014 - 01:16 PM

Hi Rivix and

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
Click Go and copy/paste the result (result.txt).

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

So when you navigate to this path, C:\Program Files (x86)\RocketTab\Client.exe does not exist.

Thank you!

#3 Rivix (Topic Starter)

Posted 27 August 2014 - 01:49 PM

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

I checked the boxes; they were unchecked, so I don't know if that was the problem. ^ That is the log, the checkup.txt. And so I run the Farbar while the error occurs when I start my computer?

#4 Rivix (Topic Starter)

Posted 27 August 2014 - 01:50 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Carlos (administrator) on 27-08-2014 at 14:47:51
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/27/2014 11:18:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 11:00:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 10:52:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 09:59:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 11:06:07 PM) (Source: Application Hang) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a64

Start Time: 01cfc1a37078c680

Termination Time: 287

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Report Id:

Error: (08/26/2014 09:00:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 10:47:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 10:57:34 AM) (Source: MsiInstaller) (User: Carlos-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

Error: (08/24/2014 10:43:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 07:58:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: StateOfDecay.exe, version: 14.6.23.5340, time stamp: 0x53a87062
Faulting module name: fmodex.dll, version: 0.4.38.4, time stamp: 0x4ede2a1e
Exception code: 0xc0000409
Fault offset: 0x0001c431
Faulting process id: 0x1b18
Faulting application start time: 0xStateOfDecay.exe0
Faulting application path: StateOfDecay.exe1
Faulting module path: StateOfDecay.exe2
Report Id: StateOfDecay.exe3

System errors:
=============
Error: (08/27/2014 11:16:56 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 9 service failed to start due to the following error:
%%1053

Error: (08/27/2014 11:16:56 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 9 service to connect.

Error: (08/26/2014 10:47:44 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/26/2014 10:47:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/26/2014 10:06:23 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/25/2014 09:34:08 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/25/2014 09:34:08 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/25/2014 05:19:24 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/24/2014 09:08:19 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x408030=0x80000003

Error: (08/24/2014 09:08:19 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5Graphics Exception: Const out of Bound

Microsoft Office Sessions:
=========================
Error: (08/27/2014 11:18:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 11:00:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 10:52:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 09:59:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 11:06:07 PM) (Source: Application Hang)(User: )
Description: csgo.exe0.0.0.01a6401cfc1a37078c680287C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Error: (08/26/2014 09:00:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 10:47:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 10:57:34 AM) (Source: MsiInstaller)(User: Carlos-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/24/2014 10:43:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 07:58:20 PM) (Source: Application Error)(User: )
Description: StateOfDecay.exe14.6.23.534053a87062fmodex.dll0.4.38.44ede2a1ec00004090001c4311b1801cfbf24609bb15aC:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exeC:\Program Files (x86)\Steam\steamapps\common\State of Decay\fmodex.dll5b7ab230-2b21-11e4-8660-50e54955199e

=========================== Installed Programs ============================
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.3.28706 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dragon Age Redesigned © Morrigan (HKCU\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.95 - Etron Technology) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG United Mobile Drivers (HKLM-x32\...\{27590F8C-82D3-428E-8B40-1B3146E89AF5}) (Version: 3.4.0.0 - LG Electronics)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140722.89040 - Square Enix Ltd)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Soldier Front 2 (HKLM-x32\...\Soldier Front 2) (Version:  - )
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.5.7 - Electronic Arts)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Trove Alpha (HKLM-x32\...\Glyph Trove Alpha) (Version:  - Trion Worlds, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zipeg (HKCU\...\Zipeg) (Version: 2.9.3.1316 - http://zipeg.com)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 8175.11 MB
Available physical RAM: 5226.93 MB
Total Pagefile: 16348.4 MB
Available Pagefile: 12964.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:390.88 GB) NTFS
2 Drive d: (SEGAROME) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\CARLOS-PC

Guest

**** End of log ****

I don't know if you wanted me to post that, but I did, lol.

#5 Rivix (Topic Starter)

Posted 27 August 2014 - 02:05 PM

And this one here is the FSS one:

Farbar Service Scanner Version: 21-07-2014
Ran by Carlos (administrator) on 27-08-2014 at 15:02:49
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#6 Alex&Vanko

Posted 27 August 2014 - 02:20 PM

I'd like to have it where this wouldn't pop up at startup adding on to that error taskeng.exe also comes up,

This I cannot understand.

#7 Rivix (Topic Starter)

Posted 27 August 2014 - 02:32 PM

Whenever I start up my PC that error comes up, and another window also comes up named taskeng.exe.

#8 Alex&Vanko

Posted 27 August 2014 - 03:09 PM

Paste that in the search box after clicking on the Start button. It will appear as taskeng. Right-click on it and select Properties. See the location.

Is there a problem with browsers?

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

- Do not accept the Free Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

Be sure to restart the computer if requested.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program on your computer and click Next, and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

Thank you!
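The location check Alex&Vanko describes by hand (find the running taskeng.exe, open Properties, see where it lives), together with the autostart scan that explains the "Windows cannot find 'C:\Program Files (x86)\RocketTab\Client.exe'" dialog from the first post, as an added PowerShell example. This is not code from the thread or from any tool it mentions. It assumes Windows 7 or later, English column names from schtasks.exe, and an elevated PowerShell opened in the affected user's session; the function names are my own.

```powershell
# Added example, not code from the thread or from any of the tools it mentions.
# Lists autostart entries (Run/RunOnce keys and scheduled tasks) whose target
# file no longer exists, and reports where taskeng.exe lives and who signed it.
# Assumptions: Windows 7 or later, English schtasks.exe column names, run from
# an elevated PowerShell in the affected user's session so HKLM, that user's
# HKCU and every task folder can be read.

function Get-TargetPath {
    # Reduce a launch command to its executable path.  A quoted command such as
    #   "C:\Program Files (x86)\RocketTab\Client.exe" /start
    # yields the quoted part; an unquoted one yields the text up to the first
    # .exe/.bat/.cmd/.vbs/.js/.dll extension, or its first token.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 1) { return $cmd.Substring(1, $close - 1) }
        return $cmd.Trim('"')
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|bat|cmd|vbs|js|dll))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    # A bare name such as "rundll32.exe" is resolved through PATH, so only treat
    # it as missing when neither the literal path nor PATH lookup finds it.
    param([string]$Target)
    if (Test-Path -LiteralPath $Target) { return $true }
    if ($Target -notmatch '[\\/]') {
        return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
    }
    return $false
}

function Get-OrphanedRunEntries {
    # Run-key values that point at a missing file produce exactly the
    # "Windows cannot find '...'" dialog at logon after a manual uninstall.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($meta -contains $v.Name) { continue }
            $target = Get-TargetPath ([string]$v.Value)
            if (-not (Test-TargetExists $target)) {
                New-Object PSObject -Property @{
                    Source = "$key\$($v.Name)"; Command = $v.Value; Missing = $target
                }
            }
        }
    }
}

function Get-OrphanedScheduledTasks {
    # schtasks.exe works on Windows 7, where Get-ScheduledTask does not exist.
    # With /v the CSV repeats its header line once per task folder, so skip
    # those rows, and skip tasks whose action is a COM handler rather than a file.
    $rows = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv
    foreach ($t in $rows) {
        $action = $t.'Task To Run'
        if ($t.TaskName -eq 'TaskName' -or -not $action) { continue }
        if ($action -eq 'N/A' -or $action -like 'COM handler*') { continue }
        $target = Get-TargetPath $action
        if (-not (Test-TargetExists $target)) {
            New-Object PSObject -Property @{
                Source = "Task $($t.TaskName)"; Command = $action; Missing = $target
            }
        }
    }
}

function Test-TaskEngLocation {
    # The genuine task host is %windir%\System32\taskeng.exe (and SysWOW64 on
    # x64) and carries a Microsoft Windows signature.  A copy anywhere else, or
    # one whose signature is not Valid, deserves a closer look.
    $win   = [string]$env:windir
    $paths = @("$win\System32\taskeng.exe", "$win\SysWOW64\taskeng.exe")
    $paths += Get-Process -Name taskeng -ErrorAction SilentlyContinue | ForEach-Object { $_.Path }
    foreach ($p in ($paths | Where-Object { $_ } | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $p
        New-Object PSObject -Property @{
            Path         = $p
            Signature    = $sig.Status
            Signer       = $sig.SignerCertificate.Subject
            InWindowsDir = $p.ToLower().StartsWith($win.ToLower())
        }
    }
}

Get-OrphanedRunEntries     | Format-Table Source, Missing -AutoSize
Get-OrphanedScheduledTasks | Format-Table Source, Missing -AutoSize
Test-TaskEngLocation       | Format-Table Path, Signature, InWindowsDir -AutoSize
```

An entry whose Missing column shows the RocketTab Client.exe path is the leftover launcher: the registry value or task, not only the file, has to go for the dialog to stop. A taskeng.exe reported outside the Windows directory, or with a signature other than Valid, is the case Alex&Vanko's Properties check is meant to catch.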

#9 Rivix

Rivix
• Topic Starter

• Members
• 20 posts
• OFFLINE
•
• Local time:03:07 AM

Posted 27 August 2014 - 03:48 PM

This is the Hitman

```HitmanPro 3.7.9.221
www.hitmanpro.com

Computer name . . . . : CARLOS-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Carlos-PC\Carlos
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-08-27 16:34:16
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 48s
Disk access mode  . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot  . . . . . . . : No

Threats . . . . . . . : 3
Traces  . . . . . . . : 28

Objects scanned . . . : 1,633,411
Files scanned . . . . : 58,775
Remnants scanned  . . : 606,355 files / 968,281 keys

Malware _____________________________________________________________________

Size . . . . . . . : 142,848 bytes
Age  . . . . . . . : 34.7 days (2014-07-23 23:06:46)
Entropy  . . . . . : 7.5
SHA-256  . . . . . : 63B0D63F97A288CC1897728E78933E080F07A0BCF3D91A39B88E98D89858461E
Product  . . . . . : Steam Guard Verification
Publisher  . . . . : Valve Corporation
Description  . . . : Steam Guard Verification
Version  . . . . . : 02.25.32.45
LanguageID . . . . : 1033
> Bitdefender  . . . : Trojan.GenericKD.1775687
Fuzzy  . . . . . . : 104.0

Size . . . . . . . : 142,848 bytes
Age  . . . . . . . : 34.7 days (2014-07-23 23:07:06)
Entropy  . . . . . : 7.5
SHA-256  . . . . . : 63B0D63F97A288CC1897728E78933E080F07A0BCF3D91A39B88E98D89858461E
Product  . . . . . : Steam Guard Verification
Publisher  . . . . : Valve Corporation
Description  . . . : Steam Guard Verification
Version  . . . . . : 02.25.32.45
LanguageID . . . . : 1033
> Bitdefender  . . . : Trojan.GenericKD.1775687
Fuzzy  . . . . . . : 104.0

Size . . . . . . . : 142,848 bytes
Age  . . . . . . . : 34.7 days (2014-07-23 23:06:10)
Entropy  . . . . . : 7.5
SHA-256  . . . . . : 63B0D63F97A288CC1897728E78933E080F07A0BCF3D91A39B88E98D89858461E
Product  . . . . . : Steam Guard Verification
Publisher  . . . . : Valve Corporation
Description  . . . : Steam Guard Verification
Version  . . . . . : 02.25.32.45
LanguageID . . . . : 1033
> Bitdefender  . . . : Trojan.GenericKD.1775687
Fuzzy  . . . . . . : 104.0

Suspicious files ____________________________________________________________

C:\Users\Carlos\AppData\Local\PunkBuster\APB\pb\dll\wc002327.dll
Size . . . . . . . : 968,536 bytes
Age  . . . . . . . : 134.9 days (2014-04-14 18:28:50)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 5B7AAFE720F6D7E618784C9AC16A6FD2329B7B0170E24B642D0059971B6C5B7A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\APB\pb\pbcl.dll -> Quarantined
Size . . . . . . . : 968,536 bytes
Age  . . . . . . . : 126.0 days (2014-04-23 16:04:10)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 5B7AAFE720F6D7E618784C9AC16A6FD2329B7B0170E24B642D0059971B6C5B7A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\APB\pb\pbclold.dll
Size . . . . . . . : 968,536 bytes
Age  . . . . . . . : 134.9 days (2014-04-14 18:13:23)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 5B7AAFE720F6D7E618784C9AC16A6FD2329B7B0170E24B642D0059971B6C5B7A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
Size . . . . . . . : 139,656 bytes
Age  . . . . . . . : 134.9 days (2014-04-14 18:13:35)
Entropy  . . . . . : 7.7
SHA-256  . . . . . : 0C20AD6DD97FF44B94AF48A1FC7A0FDEB8D94E8727A76333B3453B35F27B628F
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
Size . . . . . . . : 963,480 bytes
Age  . . . . . . . : 377.0 days (2013-08-15 15:44:15)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
Size . . . . . . . : 963,480 bytes
Age  . . . . . . . : 375.1 days (2013-08-17 15:20:18)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
Size . . . . . . . : 963,480 bytes
Age  . . . . . . . : 377.0 days (2013-08-15 15:39:37)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Size . . . . . . . : 139,032 bytes
Age  . . . . . . . : 377.0 days (2013-08-15 15:39:53)
Entropy  . . . . . : 7.8
SHA-256  . . . . . : 0CA9D48C9E3D938121A73EBE6EA3FBE19A9AE017EEDA066A22CF254A688A98C2
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139,264 bytes
Age  . . . . . . . : 19.0 days (2014-08-08 16:48:33)
Entropy  . . . . . : 7.7
SHA-256  . . . . . : 641F3F332133540A507F1A6FDD59DC4D9356920F28C0AAEF152D1F727308D04C
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 23.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953,886 bytes
Age  . . . . . . . : 613.5 days (2012-12-22 04:33:51)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy  . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Carlos\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953,886 bytes
Age  . . . . . . . : 613.5 days (2012-12-22 04:33:51)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy  . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Carlos\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138,032 bytes
Age  . . . . . . . : 613.5 days (2012-12-22 04:34:19)
Entropy  . . . . . : 7.8
SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Carlos\AppData\Local\PunkBuster\HOS\pb\pbcl.dll
Size . . . . . . . : 948,333 bytes
Age  . . . . . . . : 126.0 days (2014-04-23 16:26:19)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 65E0CDCB32C36ADAAB6BED9D7A2B0A73BC038013549D19EA692085F54D87E45B
Fuzzy  . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Carlos\AppData\Local\PunkBuster\HOS\pb\PnkBstrK.sys
Size . . . . . . . : 140,304 bytes
Age  . . . . . . . : 126.0 days (2014-04-23 16:26:28)
Entropy  . . . . . : 7.7
SHA-256  . . . . . : E7BAC3CC5AD8D1B11C55BD39437326883D86657CE8EB61606C3BED5710945660
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy  . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

Size . . . . . . . : 415,232 bytes
Age  . . . . . . . : 0.1 days (2014-08-27 14:46:11)
Entropy  . . . . . : 7.9
SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
Needs elevation  . : Yes
Fuzzy  . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster

Size . . . . . . . : 401,920 bytes
Age  . . . . . . . : 0.1 days (2014-08-27 14:44:57)
Entropy  . . . . . : 7.9
Needs elevation  . : Yes
Fuzzy  . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flashx64.bat
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\MSEx64.bat
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\Update History.txt
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\SecurityCheck.bat
-40.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
-36.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimcheckup.txt
-36.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\check.txt
-36.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\OS1check.txt
-36.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\x64SPcheck.txt
-36.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\OS1check2.txt
-36.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\UAC.txt
-36.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\UAC2.txt
-36.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\IEversion.txt
-36.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\IEVersion2.txt
-36.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\install.txt
-36.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process.txt
-34.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\wscsvc1.txt
-34.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Vista7FirewallCheck1.txt
-33.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\Vista7FirewallCheck2.txt
-33.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\AVDisplayName.txt
-33.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\AVstate.txt
-33.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimspycheck.txt
-32.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\hostcopy.txt
-32.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimspycheck2.txt
-32.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flashcheck.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash2.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash3.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash4.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash5.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\flash6.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\ff2.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\ff3.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\tb2.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome.txt
-32.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome2.txt
-31.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome3.txt
-31.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome4.txt
-31.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome5.txt
-31.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome6.txt
-31.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\chrome7.txt
-31.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process2.txt
-31.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process4.txt
-31.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process5.txt
-31.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process6.txt
-31.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process7.txt
-31.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process8.txt
-31.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimproccheck.txt
-31.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process9.txt
-31.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process10.txt
-31.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process11.txt
-31.4s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process12.txt
-31.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process13.txt
-31.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process14.txt
-31.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process15.txt
-31.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process16.txt
-31.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process17.txt
-31.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process18.txt
-31.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process19.txt
-31.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process20.txt
-31.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process21.txt
-31.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process22.txt
-31.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process23.txt
-31.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process24.txt
-31.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process25.txt
-30.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process26.txt
-30.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process27.txt
-30.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process28.txt
-30.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process29.txt
-30.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process30.txt
-30.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process31.txt
-30.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process32.txt
-30.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process33.txt
-30.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process34.txt
-30.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process35.txt
-30.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process36.txt
-30.6s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process37.txt
-30.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process38.txt
-30.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process39.txt
-30.5s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\process40.txt
-30.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup.txt
-30.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup2.txt
-30.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup3.txt
-30.3s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup4.txt
-30.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup5.txt
-30.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup6.txt
-30.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup7.txt
-30.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup8.txt
-30.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup9.txt
-30.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup10.txt
-30.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup11.txt
-30.1s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup12.txt
-30.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup13.txt
-30.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup14.txt
-30.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup15.txt
-30.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup16.txt
-30.0s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup17.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup18.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup19.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup20.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup21.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup22.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup23.txt
-29.9s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup24.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup25.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup26.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup27.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup28.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup29.txt
-29.8s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup30.txt
-29.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup31.txt
-29.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\notcheckup32.txt
-29.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimcheckup2.txt
-29.7s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\defragcheck.txt
10.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\defragcheck2.txt
10.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\defragcheck3.txt
10.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\defragcheck4.txt
10.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\prelimcheckup3.txt
10.2s C:\Users\Carlos\AppData\Local\Temp\RarSFX0\SecurityCheck\checkup.txt

C:\Windows\SysWOW64\GameMon.des
Size . . . . . . . : 3,191,392 bytes
Age  . . . . . . . : 6.8 days (2014-08-20 21:38:16)
Entropy  . . . . . : 8.0
SHA-256  . . . . . : F65AF9FAF6899F7A8EC472FE24732F871B1E6F2FE9095DE9F4CF5CA1FF18D5ED
Product  . . . . . : nProtect Game Monitor
Publisher  . . . . : INCA Internet Co., Ltd.
Description  . . . : nProtect Game Monitor Rev 2090
Version  . . . . . : 2014.5.16.1
RSA Key Size . . . : 2048
Service  . . . . . : npggsvc
LanguageID . . . . : 1042
Authenticode . . . : Valid
Fuzzy  . . . . . . : 27.0
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
Forensic Cluster
-40.9s C:\Program Files (x86)\OGPlanet\USLauncher\
-38.9s C:\Windows\SysWOW64\OGPIEPlugin.ocx
-38.2s C:\Windows\SysWOW64\npOGPPlugin.dll
-33.1s C:\Program Files (x86)\OGPlanet\USLauncher\ogplauncher.zip
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgl.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npgg.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npgg.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npgg.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgg.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgg.erl
-16.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgg.erl
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\GameGuard.ver
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\DizzelNA.ini
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgmup.des
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npgmup.erl
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npgmup.erl
-16.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgmup.erl
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
-16.1s C:\Program Files\Common Files\INCA Shared\
-16.1s C:\Program Files\Common Files\INCA Shared\
-16.1s C:\Program Files\Common Files\INCA Shared\
-12.2s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\GameMon.des
-11.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\GameGuard.des
-11.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\GameGuard.des
-10.8s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\ggscan.des
-10.6s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgg9x.des
-10.2s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npggNT.des
-9.9s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npsc.des
-9.7s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\ggerror.des
-9.4s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\Splash.jpg
-9.2s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npggNT64.des
-8.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\GameMon64.des
-8.3s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgmup.des.new
-8.3s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgmup.des.new
-8.2s C:\Program Files\Common Files\INCA Shared\OnlineEngine\tyavexcept.dat
-7.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TYAVP_000.bin
-7.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TYAVP_000.bin
-7.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TYAVP_000.bin
-7.1s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TYAVP_000.bin
-6.7s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TYAVS_000.bin
-6.5s C:\Program Files\Common Files\INCA Shared\OnlineEngine\BWT.dll
-6.5s C:\Program Files\Common Files\INCA Shared\OnlineEngine\BWT.dll
-6.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\BwtTrust.dll
-6.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\BwtTrust.dll
-6.2s C:\Program Files\Common Files\INCA Shared\OnlineEngine\NpExcH.dat
-6.2s C:\Program Files\Common Files\INCA Shared\OnlineEngine\NpExcH.dat
-6.2s C:\Program Files\Common Files\INCA Shared\OnlineEngine\NpExcH.dat
-6.2s C:\Program Files\Common Files\INCA Shared\OnlineEngine\NpExcH.dat
-5.9s C:\Program Files\Common Files\INCA Shared\OnlineEngine\TeCtrl.dll
-5.9s C:\Program Files\Common Files\INCA Shared\OnlineEngine\teexcept.dat
-5.5s C:\Program Files\Common Files\INCA Shared\OnlineEngine\tyav32.dll
-5.5s C:\Program Files\Common Files\INCA Shared\OnlineEngine\tyav32.dll
-5.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\tyavcuremap.dat
-5.0s C:\Program Files\Common Files\INCA Shared\OnlineEngine\BWTTrustList.dat
-3.1s C:\Users\Carlos\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D4BE5F1333B45509DBD3BB258C690542
-3.1s C:\Users\Carlos\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D4BE5F1333B45509DBD3BB258C690542
-3.1s C:\Users\Carlos\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D33BA91FECBE98D217EE38BE0B2B0EF5
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npgm.erl
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npgm.erl
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgm.erl
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgm.erl
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgm.erl
-1.1s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npgm.erl
0.0s C:\Windows\SysWOW64\GameMon.des
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\0npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\npsc.erl
2.5s C:\Program Files (x86)\OGPlanet\Dizzel\GameGuard\1npsc.erl
3.7s C:\Program Files (x86)\OGPlanet\Dizzel\errorlog_20140820213819.txt
3.7s C:\Program Files (x86)\OGPlanet\Dizzel\errorlog_20140820213819.txt
3.7s C:\Program Files (x86)\OGPlanet\Dizzel\errorlog_20140820213819.txt
3.7s C:\Program Files (x86)\OGPlanet\Dizzel\errorlog_20140820213819.txt
4.4s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\OptionUI.xml
4.6s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\SystemLog.txt
4.6s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\SystemLog.txt
4.6s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\SystemLog.txt
5.0s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\graphicOptionCheck.log
5.0s C:\Program Files (x86)\OGPlanet\Dizzel\beresource\graphicOptionCheck.log

```

This is the Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Carlos on Wed 08/27/2014 at 16:27:28.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2919572601-2312694995-193838144-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/27/2014 at 16:31:19.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2014
Scan Time: 4:31:59 PM
Logfile: h.txt

Version: 2.00.2.1012
Malware Database: v2014.08.27.06
Rootkit Database: v2014.08.21.01
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Carlos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299637
Time Elapsed: 12 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

#10 Rivix

Rivix
• Topic Starter

• Members
• 20 posts
• OFFLINE
•
• Local time:03:07 AM

Posted 27 August 2014 - 03:49 PM

And how do I see the location of the taskeng? (Sorry to bother you so much)

#11 Alex&Vanko

Alex&Vanko

• Banned
• 1,394 posts
• OFFLINE
•
• Gender:Male
• Local time:10:07 AM

Posted 27 August 2014 - 04:14 PM

So everything is connected with games in Hitman.

Open Internet Explorer, click on the Gear icon (IE menu) in the top right corner of the browser and choose Manage Add-ons.
You will see a Manage Add-ons window. Here, look for Rocket Tab and other suspicious plugins. Disable these entries by clicking Disable.
Click on the gear icon (menu) again and select Internet options. Go to the Advanced tab.
Here, select Reset.
When in the new window, check Delete personal settings and select Reset again to complete Rocket Tab removal.

Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons → Extensions.
Here, select Rocket Tab and other questionable plugins. Click Remove to delete these entries.
Click on the Firefox menu in the top left and click on the question mark. Here, choose Troubleshooting Information.
Now you will see the Reset Firefox to its default state message with a Reset Firefox button. Click this button several times and complete Rocket Tab removal.

Open Google Chrome, click on the menu icon (top right corner) and select Tools → Extensions.
Here, select Rocket Tab and other malicious plugins and select the trash icon to delete these entries.
Click on menu icon again and choose Settings → Manage Search engines under the Search section.
When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name.

Scroll down to the end of the page and click on Reset browser settings.
Click Reset to confirm this action and complete Rocket Tab removal.

If it is Rocket Tab.

I wanted to check this online: C:\Program Files (x86)\RocketTab\Client.exe. But you deleted it.

The last one is Properties. This is in my language. A window will appear with location, size and so on.

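The Internet Explorer and Firefox steps above are clicked through in the browser, so there is no record of what the hijacker had actually set. As an added example (not part of this thread, and not code from any of the tools mentioned in it), the PowerShell script below dumps the start-page and search-provider settings that a hijacker such as RocketTab typically rewrites, so you can see what is set before the resets and confirm afterwards that nothing came back. It assumes it is run as the affected user, that Firefox profiles live under %APPDATA%\Mozilla\Firefox\Profiles, and sticks to PowerShell 2.0 syntax because that is what Windows 7 ships with; the function names are this example's own.

```powershell
# Added example (not from the thread): dump the browser settings a hijacker
# such as RocketTab typically rewrites, so you can see what is set before
# the resets above and confirm afterwards that nothing came back.
# Assumptions: run as the affected user; Firefox profiles live under
# %APPDATA%\Mozilla\Firefox\Profiles; PowerShell 2.0-compatible syntax.
# Function names are this example's own.

function Get-IEStartupAndSearch {
    $main   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $out = @()
    $props = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
        $value = $props.$name
        if ($value) {
            $out += New-Object PSObject -Property @{ Browser = 'IE'; Setting = $name; Value = $value }
        }
    }
    if (Test-Path $scopes) {
        # Each search provider is a GUID subkey; DefaultScope names the active one
        $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
        foreach ($sub in Get-ChildItem -Path $scopes) {
            $p = Get-ItemProperty -Path $sub.PSPath
            $label = 'SearchScope'
            if ($sub.PSChildName -eq $default) { $label = 'SearchScope (default)' }
            $out += New-Object PSObject -Property @{
                Browser = 'IE'; Setting = "$label $($p.DisplayName)"; Value = $p.URL }
        }
    }
    return $out
}

function Get-FirefoxStartupAndSearch {
    # prefs.js is a flat list of user_pref("name", value); lines; only the
    # homepage, new-tab and search keys matter for a hijack check.
    $keys = 'browser.startup.homepage', 'browser.newtab.url', 'keyword.URL',
            'browser.search.defaultenginename', 'browser.search.selectedEngine'
    $out  = @()
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    foreach ($file in Get-ChildItem -Path $root -Filter prefs.js -Recurse -ErrorAction SilentlyContinue) {
        foreach ($line in Get-Content -Path $file.FullName) {
            if ($line -match '^user_pref\("([^"]+)",\s*(.+)\);\s*$' -and $keys -contains $Matches[1]) {
                $out += New-Object PSObject -Property @{
                    Browser = "Firefox ($($file.Directory.Name))"
                    Setting = $Matches[1]
                    Value   = $Matches[2].Trim('"') }
            }
        }
    }
    return $out
}

@(Get-IEStartupAndSearch) + @(Get-FirefoxStartupAndSearch) |
    Format-Table Browser, Setting, Value -AutoSize -Wrap
```

Run it once before the resets and once after; any search scope or start page you do not recognise in the first run is a hijack leftover, and anything that is still there in the second run was not touched by the reset and needs removing by hand. Chrome keeps the same settings in a JSON Preferences file, which PowerShell 2.0 cannot parse without extra code, so it is left out here.
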
#12 Alex&Vanko

Alex&Vanko

• Banned
• 1,394 posts
• OFFLINE
•
• Gender:Male
• Local time:10:07 AM

Posted 27 August 2014 - 04:43 PM

The taskeng.exe file is located in the folder C:\Windows\System32. In other cases, taskeng.exe is a virus, spyware, trojan or worm!

To remove the tools we used:

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

Hitman you may uninstall the standard way, as a program.

Is it possible to take a screenshot of this:

Whenever I start up my PC that error comes up, and another tab also comes up named taskeng.exe

Thank you!

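The "Windows cannot find 'C:\Program Files (x86)\RocketTab\Client.exe'" dialog from the first post and the taskeng.exe window discussed in the last two posts have the same shape: something still tries to start a file that was deleted by hand. As an added example (not part of this thread, and not code from any of the tools mentioned in it), the PowerShell script below walks the Run/RunOnce keys and the scheduled tasks and reports every entry whose target executable no longer exists, then checks that each running taskeng.exe comes from System32 and is Microsoft-signed. It assumes it is run from an elevated PowerShell on the affected machine, uses PowerShell 2.0 syntax and schtasks because Windows 7 has no Get-ScheduledTask, and the function names are this example's own.

```powershell
# Added example (not from the thread): find autostart entries whose target
# executable no longer exists. After a program folder is deleted by hand, a
# leftover Run value or scheduled task is what produces the logon dialog
# "Windows cannot find 'C:\Program Files (x86)\RocketTab\Client.exe'".
# Assumptions: Windows 7-era PowerShell (2.0-compatible syntax), run
# elevated; function names are this example's own.

function Get-CommandTarget {
    # Extract the executable from a command line, e.g.
    #   "C:\Program Files (x86)\RocketTab\Client.exe" /startup  -> quoted path
    #   C:\Tools\foo.exe -x                                      -> up to .exe
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    param([string]$Path)
    if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
    # Bare names such as rundll32.exe are resolved through PATH
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

function Get-OrphanedAutostarts {
    $results = @()
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # 1. Run / RunOnce values, native and WOW6432Node views, machine and user
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($skip -contains $p.Name) { continue }
            $target = Get-CommandTarget $p.Value
            if ($target -and -not (Test-TargetExists $target)) {
                $results += New-Object PSObject -Property @{
                    Source = $key; Name = $p.Name; Command = $p.Value; Missing = $target }
            }
        }
    }

    # 2. Scheduled tasks. taskeng.exe is the Task Scheduler engine, so a task
    #    whose action points at a deleted binary is the usual reason a
    #    taskeng.exe window shows up at logon. schtasks is used because
    #    Get-ScheduledTask does not exist on Windows 7.
    $tasks = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in $tasks) {
        $raw = $t.'Task To Run'
        # schtasks repeats the header row per task folder; COM-handler and
        # inaccessible tasks have no file path to check
        if ($t.TaskName -eq 'TaskName' -or $raw -match '^(COM handler|N/A)') { continue }
        $target = Get-CommandTarget $raw
        if ($target -and -not (Test-TargetExists $target)) {
            $results += New-Object PSObject -Property @{
                Source = 'ScheduledTask'; Name = $t.TaskName; Command = $raw; Missing = $target }
        }
    }
    return $results
}

Get-OrphanedAutostarts | Format-Table Source, Name, Missing -AutoSize -Wrap

# Sanity check on taskeng.exe itself: every instance should run from
# System32 and carry a valid Microsoft signature.
Get-Process taskeng -ErrorAction SilentlyContinue | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    '{0,6}  {1}  {2}' -f $_.Id, $_.Path, $sig.Status
}
```

An entry in the output whose Missing column is the RocketTab Client.exe path is the source of the logon dialog: delete that Run value (or the scheduled task, with schtasks /delete /tn "name") and the dialog goes away. A taskeng.exe that runs from anywhere other than C:\Windows\System32, or whose signature status is not Valid, is the case the post above warns about and should be submitted for a second opinion rather than just deleted.
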
#13 Rivix

Rivix
• Topic Starter

• Members
• 20 posts
• OFFLINE
•
• Local time:03:07 AM

Posted 27 August 2014 - 05:02 PM

Ok, here's the picture: http://gyazo.com/e2c58b5867731fc21497730136f72932 I did the thing you told me to do and the error still shows up.

#14 Alex&Vanko

Alex&Vanko

• Banned
• 1,394 posts
• OFFLINE
•
• Gender:Male
• Local time:10:07 AM

Posted 27 August 2014 - 05:27 PM

Now I see. So there is only one taskeng.exe, in the location I have written, or?

Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click on Start. The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed, select Uninstall application on close if you so wish.
Now click on Finish

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Post it here.

The problem is still here, because Malwarebytes didn't find anything.

Also, you do not have an antivirus. Why?

Thank you!

#15 Rivix

Rivix
• Topic Starter

• Members
• 20 posts
• OFFLINE
•
• Local time:03:07 AM

Posted 27 August 2014 - 08:52 PM

Ok, I did the scan but the log doesn't come up in that directory.
