Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you please check the 1 file and whitelist the 1 file? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

    Attached Files:

  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you please check the 6 files and whitelist the 6 files? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

    Attached Files:

  3. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    When HitmanPro is scanning, it wants to upload some files to the cloud, but it gives me the message "load failed".
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I've noticed that today, also. Maybe they have some problems on their servers?
     
  5. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    I still cannot solve this myself; in fact, it now indicates that there is no connection with the scan cloud.
     
  6. guest

    guest Guest

    Yes. After a rightclick on a folder and "Scan with HitmanPro" it always proceeds to the last page after the scan is done.
    Manually uploading of files seems to be only possible if HitmanPro is launched via desktop-icon. :cautious:
     
  7. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I got that upload failed msg this morning, but it seems to be working this afternoon.

    Another thing that I noticed recently, is that the HMP scan never pauses on the "queued for upload" page anymore if I un-check the "automatically upload" option.

    It just proceeds to the "finished" page at the end of the scan, so there is no longer any way to manually upload anything. I tried re-installing, but the same thing still happens. Has anyone else seen this?

    Yes, and I ALWAYS launch HitmanPro via desktop icon.
     
  8. guest

    guest Guest

    That's strange :cautious: Must be a bug.
    I always launch it via desktop-icon and if it is detecting files, it always pauses on the page.
     
  9. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Normally it doesn't find anything, but I had just updated a couple of legit programs. HMP decided that they needed to be checked by the cloud.

    Is there a method to "clean" install HMP? I already tried the normal uninstall/reinstall method.
     
  10. guest

    guest Guest

    The Settings are restored in the registry-key HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro and is (should be :cautious:) removed after HitmanPro has been deinstalled.
    Some files are stored in the directory C:\ProgramData\HitmanPro\ - for example the license-key and the Logs of HitmanPro.
    A simple deinstall/reinstall should be sufficient to clear the settings. Maybe a single click on "Reset settings" is sufficient too.
    Or you can do both :) - Reset settings, then deinstall/install.
     
  11. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    Again I get the message that the load to the scan cloud has failed. It was fixed on Friday afternoon and worked well on Saturday, but today it fails again.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Remind me, from HKLM/Software/HitmanPro > how to clear out safe/choose to ignore?
    443.png
     
    Last edited: Jun 19, 2017
  13. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you please check the 8 files and whitelist the 8 files? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

    Attached Files:

  14. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you please check the 2 files and whitelist the 2 files? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

    Attached Files:

  15. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    I ask if this detection is a false positive.

    UplayCrashReporter.exe

    Since hitmanpro is the only security system that detects this file as malware, neither my Eset Smart Security 10 antivirus nor malwarebytes recognize it as a threat.

    Here is the hitmanpro report:

    Properties
    Name UplayCrashReporter.exe
    Location C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher
    Size 2.8 MB
    Time 0.0 days ago (2017-07-14 17:07:23)
    Authenticode Valid
    Entropy 7.9
    Product Uplay
    Publisher Ubisoft
    Description Uplay WebCore
    Copyright (c) Ubisoft
    RSA Key Size 2048
    LanguageID 1033
    SHA-256 89FA24241E95AF9FDE18755FA7CC2FA7FCDD56828C36C07AA810B7255FCF2D0C

    Detection Names
    HitmanPro Malware

    Scoring (98.0)
    One or more antivirus vendors have indicated that the file is malicious.
    Entropy (or randomness) indicates the program is encrypted, compressed, or obfuscated. This is not typical for most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Time indicates that the file appeared recently on this computer.
    Program is code signed with a valid Authenticode certificate.
    The file appears to be part of an installation package or setup program. This is typical for most programs.
     
  16. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324

    Attached Files:

    Last edited by a moderator: Jul 15, 2017
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    Here's another false positive:

    Properties
    Name Iperius.exe
    Location C:\Program Files\Iperius Backup
    Size 23.1 MB
    Time 582.1 days ago (2015-12-12 21:18:46)
    Authenticode Valid
    Entropy 6.6
    Product Iperius Backup
    Publisher Enter Srl
    Description Iperius Backup
    Version 4.9.4.0
    Copyright Enter Srl
    RSA Key Size 2048
    LanguageID 1033
    SHA-256 354A8F302934E8FC800E6FE0AC1A8A18C8A2544094FFCEF789BD975B6C70247D

    Detection Names
    HitmanPro Malware

    Scoring (88.0)
    One or more antivirus vendors have indicated that the file is malicious.
    Uses the Windows Registry to run each time the user logs on.
    Program starts automatically without user intervention.
    The file is in use by one or more active processes.
    Program is code signed with a valid Authenticode certificate.
    The file appears to be part of an installation package or setup program. This is typical for most programs.

    ---------------------------------------------------------------------------------------------------------------------------
    I've been using this backup program for years, and it's definitely not malware. Please fix this false positive. Thank you.
     
    Last edited: Jul 16, 2017
  18. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you please check the 9 files and whitelist the 9 files? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

    Attached Files:

  19. schemer

    schemer Registered Member

    Joined:
    Dec 18, 2014
    Posts:
    10
    Hi guys,
    I had a HMP scan turn up a malware that I believe is a false positive from an update to some 3D software (new version with first patch) that I installed yesterday. I marked as ignore by choosing to send to HMP for analysis. Is that the best way to handle this or can I send the file somewhere on my own? If I leave it on ignore then the function of my software should work ok, correct?
    Thanks,
    schemer

    p.s. the name of the file is:
    AddMeta.exe
     
  20. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    It's being detected by two engines because it comes bundled with extra software. uTorrent itself is safe, but unless you opt out of installing WinZip, it will be installed too (although it's possible you could be offered a different third-party extra). The other two scanners detect it by their heuristics. This doesn't mean it is malicious, and one of the scanners is Trend, which has overly sensitive heuristics which flag a lot of safe files.
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I have noticed a few scanners have become a bit more aggressive about "potentially unwanted programs", or PUPs.

    Some publishers bundle these unwanted 3rd party programs, without giving you a heads up or reasonable means to opt out. So they end up getting blacklisted. It's a grey area ...
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    HMP detects part of TOR as malware.
    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : DAVID-HP
       Windows . . . . . . . : 10.0.0.15063.X64/4
       User name . . . . . . : DAVID-HP\David
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid (889 days left)
    
       Scan date . . . . . . : 2017-07-23 12:00:14
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 1m 42s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 1
    
       Objects scanned . . . : 1,369,277
       Files scanned . . . . : 25,173
       Remnants scanned  . . : 206,630 files / 1,137,474 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFE205CA68C510
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF806066812F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920
       Solution
          DriverObject . . . : FFFFE205CA68C510
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF80603F56E20 \SystemRoot\System32\drivers\storport.sys+28192
    
    Malware _____________________________________________________________________
    
       C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
          Size . . . . . . . : 3,611,136 bytes
          Age  . . . . . . . : 29.8 days (2017-06-23 17:40:14)
          Entropy  . . . . . : 6.2
          SHA-256  . . . . . : 943A6BE03E498CA27B291DAD3493DC350C69AF603504B52CD96A55F41013E865
        > HitmanPro  . . . . : Malware
          Fuzzy  . . . . . . : 106.0
          Forensic Cluster
             -9.5s C:\Windows\Prefetch\TORBROWSER-INSTALL-7.0.1_EN-U-3ACC11B2.pf
             -7.2s C:\Users\David\Desktop\Tor Browser\
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\Accessible.tlb
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\AccessibleMarshal.dll
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\IA2Marshal.dll
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\application.ini
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\dependentlibs.list
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\firefox.VisualElementsManifest.xml
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\firefox.exe
             -7.2s C:\Users\David\Desktop\Tor Browser\Browser\freebl3.dll
             -7.1s C:\Users\David\Desktop\Tor Browser\Browser\lgpllibs.dll
             -7.1s C:\Users\David\Desktop\Tor Browser\Browser\libEGL.dll
             -7.0s C:\Users\David\Desktop\Tor Browser\Browser\libGLESv2.dll
             -6.9s C:\Users\David\Desktop\Tor Browser\Browser\libssp-0.dll
             -6.9s C:\Users\David\Desktop\Tor Browser\Browser\mozavcodec.dll
             -6.8s C:\Users\David\Desktop\Tor Browser\Browser\mozavutil.dll
             -6.8s C:\Users\David\Desktop\Tor Browser\Browser\mozglue.dll
             -6.8s C:\Users\David\Desktop\Tor Browser\Browser\msvcr100.dll
             -6.7s C:\Users\David\Desktop\Tor Browser\Browser\nss3.dll
             -6.6s C:\Users\David\Desktop\Tor Browser\Browser\nssckbi.dll
             -6.6s C:\Users\David\Desktop\Tor Browser\Browser\nssdbm3.dll
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\platform.ini
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\plugin-container.exe
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\plugin-hang-ui.exe
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\qipcap.dll
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\softokn3.dll
             -5.9s C:\Users\David\Desktop\Tor Browser\Browser\update-settings.ini
             -5.8s C:\Users\David\Desktop\Tor Browser\Browser\updater.ini
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarks.html
             -1.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\
             -1.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\tor-launcher@torproject.org.xpi
             -1.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\torbutton@torproject.org.xpi
             -1.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\preferences\
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\preferences\extension-overrides.js
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\user.js
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\extensions\
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\extensions\meek-http-helper@bamsoftware.com.xpi
             -1.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Firefox.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\HTTPS-Everywhere.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\NoScript.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-CJK-Font.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-Fonts.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Tor-Launcher.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Tor.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\Torbutton.txt
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.CC0
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.GO
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.PYTHON
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\LICENSE
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\README
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\fteproxy\
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\fteproxy\COPYING
             -1.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\fteproxy\README.md
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\libfte\
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\libfte\LICENSE
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\libfte\LICENSE.re2
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\libfte\README.md
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\meek\
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\meek\README
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\meek\meek-client.1.txt
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\meek\meek-server.1.txt
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Docs\sources\
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\
             -1.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libeay32.dll
             -0.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
             -0.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent_core-2-0-5.dll
             -0.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent_extra-2-0-5.dll
             -0.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
             -0.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgmp-10.dll
             -0.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
             -0.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\ssleay32.dll
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Cipher._AES.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Hash._SHA256.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Hash._SHA512.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Random.OSRNG.winrandom.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Util._counter.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Util.strxor.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_ctypes.pyd
             -0.6s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_hashlib.pyd
             -0.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_socket.pyd
             -0.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_ssl.pyd
             -0.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\bz2.pyd
             -0.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fte.cDFA.pyd
             -0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
             -0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.zip
             -0.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe
             -0.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client.exe
              0.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
              0.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfsproxy.exe
              0.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfsproxy.zip
              0.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\pyexpat.pyd
              0.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\python27.dll
              0.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\select.pyd
              0.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe
              0.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\unicodedata.pyd
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\w9xpopen.exe
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\zope.interface._zope_interface_coptimizations.pyd
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\VERSION
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\defs\
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\defs\20131224.json
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\browser\
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\browser\blocklist.xml
              0.4s C:\Users\David\Desktop\Tor Browser\Browser\browser\chrome.manifest
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\VisualElements\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\VisualElements\VisualElements_150.png
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\VisualElements\VisualElements_70.png
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\extensions\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\features\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\browser\features\e10srollout@mozilla.org.xpi
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\defaults\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\defaults\pref\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\dictionaries\
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\dictionaries\en-US.aff
              2.1s C:\Users\David\Desktop\Tor Browser\Browser\dictionaries\en-US.dic
              2.2s C:\Users\David\Desktop\Tor Browser\Browser\fonts\
              2.2s C:\Users\David\Desktop\Tor Browser\Browser\fonts\EmojiOneMozilla.ttf
              2.2s C:\Users\David\Desktop\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf
              2.2s C:\Users\David\Desktop\Tor Browser\Browser\fonts\NotoSansKhmer-Regular.ttf
              2.2s C:\Users\David\Desktop\Tor Browser\Browser\fonts\NotoSansLao-Regular.ttf
              2.3s C:\Users\David\Desktop\Tor Browser\Browser\fonts\NotoSansMyanmar-Regular.ttf
              2.3s C:\Users\David\Desktop\Tor Browser\Browser\fonts\NotoSansYi-Regular.ttf
              2.3s C:\Users\David\Desktop\Tor Browser\Start Tor Browser.lnk
             10.8s C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
             10.8s C:\Users\David\Desktop\Start Tor Browser.lnk
             12.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\parent.lock
             12.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\
             12.1s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
             12.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\
             12.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\entries\
             12.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\doomed\
             13.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.sqlite
             14.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\gmp\
             14.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\HTTPSEverywhereUserRules\
             16.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\lock
             17.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
             22.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc
             40.4s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
             40.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
             40.7s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\
             40.9s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\thumbnails\
             41.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
             41.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
             42.2s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\mimeTypes.rdf
             42.3s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\
             42.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
             42.5s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
             72.8s C:\Users\David\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28d9143bc07030c5.customDestinations-ms
             72.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\SecurityPreloadState.txt
             72.8s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\SiteSecurityServiceState.txt
             74.0s C:\Users\David\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\gmp\WINNT_x86-gcc3\
    
    I'm calling it a False Positive.
     
  24. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    A lot of false positives lately.....:( All of a sudden the screen disappeared and turned blue. I thought the system had hung itself up until eventually HMP popped up with its malware alerts after finishing the scheduled auto-scan. HMP should not lock the screen until scan completion when making a malware find. I was about to use the power button to force a power-off since I could not use the keyboard. A msg on the screen like "HMP working, please wait..." would help. Is this normal behavior?
    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : 20FU-CTO1
       Windows . . . . . . . : 6.3.0.9600.X64/4
       User name . . . . . . :
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2017-07-24 12:23:17
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 1m 5s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 3
       Traces  . . . . . . . : 14
    
       Objects scanned . . . : 1,391,900
       Files scanned . . . . : 12,121
       Remnants scanned  . . : 213,731 files / 1,166,048 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFE0014A3B3A50
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801F98B12F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920
       Solution
          DriverObject . . . : FFFFE0014A3B3A50
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801F879D530 \SystemRoot\System32\drivers\storport.sys+9520
    
    Malware _____________________________________________________________________
    
       C:\Windows\System32\dnsapi.dll
          Size . . . . . . . : 656,384 bytes
          Age  . . . . . . . : 2.5 days (2017-07-22 01:28:52)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 6856980517FCDDF41EF62337BEEA204CBA4DB06E6DF5516A9EAE47F01BB7E786
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : DNS Client API DLL
          Version  . . . . . : 6.3.9600.18730
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
        > HitmanPro  . . . . : Malware
          Fuzzy  . . . . . . : 106.0
    
       C:\Windows\SysWOW64\dnsapi.dll
          Size . . . . . . . : 499,200 bytes
          Age  . . . . . . . : 2.5 days (2017-07-22 01:28:52)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : DC2177E7FC104051DF146A9FA2C09B5CDF88E71F2943FAC28A24C442D69663CB
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : DNS Client API DLL
          Version  . . . . . : 6.3.9600.18730
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
        > HitmanPro  . . . . : Malware
          Fuzzy  . . . . . . : 104.0
    
       C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18731_none_90d1a6e32b57b279\dnsapi.dll
          Size . . . . . . . : 499,200 bytes
          Age  . . . . . . . : 2.5 days (2017-07-22 01:28:52)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : DC2177E7FC104051DF146A9FA2C09B5CDF88E71F2943FAC28A24C442D69663CB
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : DNS Client API DLL
          Version  . . . . . : 6.3.9600.18730
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          LanguageID . . . . : 1033
        > HitmanPro  . . . . : Malware
          Fuzzy  . . . . . . : 102.0
    
     
    Last edited: Jul 24, 2017
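
A small parser for the plain-text log layout posted above (an added example, not part of any post and not HitmanPro's own code): it pulls the entries out of the Malware section and groups them by SHA-256, which shows that the three dnsapi.dll detections are two distinct files. The function names and the trimmed sample are assumptions made for this example.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the log in the post above; values are as posted.
SAMPLE_LOG = r"""
HitmanPro 3.7.20.286

   Threats . . . . . . . : 3

Miniport ____________________________________________________________________

   Primary
      DriverName . . . . : \Driver\iaStorA

Malware _____________________________________________________________________

   C:\Windows\System32\dnsapi.dll
      Size . . . . . . . : 656,384 bytes
      SHA-256  . . . . . : 6856980517FCDDF41EF62337BEEA204CBA4DB06E6DF5516A9EAE47F01BB7E786
      Publisher  . . . . : Microsoft Corporation
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 106.0

   C:\Windows\SysWOW64\dnsapi.dll
      Size . . . . . . . : 499,200 bytes
      SHA-256  . . . . . : DC2177E7FC104051DF146A9FA2C09B5CDF88E71F2943FAC28A24C442D69663CB
      Publisher  . . . . : Microsoft Corporation
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 104.0

   C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.18731_none_90d1a6e32b57b279\dnsapi.dll
      Size . . . . . . . : 499,200 bytes
      SHA-256  . . . . . : DC2177E7FC104051DF146A9FA2C09B5CDF88E71F2943FAC28A24C442D69663CB
      Publisher  . . . . : Microsoft Corporation
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 102.0
"""

# "Malware ______" style section headers.
SECTION = re.compile(r"^(\w[\w ]*?) _{5,}$")
# "Key . . . . : value" lines, optionally prefixed with "> ".
FIELD = re.compile(r"^(?:> )?([\w-]+(?: [\w-]+)*)\s+(?:\. ?)+:\s?(.*)$")
# A detection entry starts with an absolute drive-letter path.
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_detections(log_text):
    """Return one dict per file listed in the Malware section."""
    detections, section, current = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section, current = header.group(1), None
            continue
        if section != "Malware" or not line:
            continue
        if PATH.match(line):
            current = {"path": line}
            detections.append(current)
            continue
        # Forensic Cluster lines ("-7.2s C:\...") match neither pattern
        # and are skipped.
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return detections


def group_by_hash(detections):
    """Map each SHA-256 to the paths that carry it."""
    groups = defaultdict(list)
    for det in detections:
        sha = det.get("SHA-256", "").replace(" ", "").upper()
        groups[sha].append(det["path"])
    return dict(groups)


def summarize(detections):
    """One row per unique file: hash, number of copies, highest Fuzzy score."""
    scores = defaultdict(float)
    for det in detections:
        sha = det.get("SHA-256", "").replace(" ", "").upper()
        scores[sha] = max(scores[sha], float(det.get("Fuzzy", "0")))
    # Publisher and Product come from the file's version resource and are
    # self-declared, so the hash is the identifier to report and compare.
    return [
        {"sha256": sha, "copies": len(paths), "max_fuzzy": scores[sha], "paths": paths}
        for sha, paths in group_by_hash(detections).items()
    ]


if __name__ == "__main__":
    for row in summarize(parse_detections(SAMPLE_LOG)):
        print(row["sha256"], row["copies"], row["max_fuzzy"])
```
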
  25. Will Johnson

    Will Johnson Registered Member

    Joined:
    Jan 28, 2016
    Posts:
    4
    I have another - Don't know how to post screenshots etc so I'll just type what I see -

    HitmanPro 3.7.20 - Build 286

    Scan results:
    No threats found.

    hitmanpro37.sys Driver
    C:\Windows\system32\drivers\ Unknown (6.0)

    ieframe.dll WRP Run Unknown (7.0)
    C:\Windows\System32\

    It looks like Hitman is reporting one of its own files as suspicious, have I got that right?
     