# Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

1. ### TheblackstarRegistered Member

Joined:
Mar 27, 2016
Posts:
36
Location:
Italia
UP.

[codice]
HitmanPro 3.8.0.292
www.hitmanpro.com

Nome del computer . . . . :
Finestre . . . . . . . : 10.0.0.16299.X64 / 4
Nome utente . . . . . :
UAC. . . . . . . . . : Abilitato
Licenza . . . . . . . : Pagato (225 giorni rimanenti)

Data di scansione. . . . . . : 2018-02-23 18:54:17
Modalità di scansione. . . . . . : Normale
Durata della scansione . . . : 5m 20s
Modalità di accesso al disco. . : Accesso diretto al disco (SRB)
Nube . . . . . . . . : Internet
Riavvia. . . . . . . : No

Minacce . . . . . . . : 0
Tracce . . . . . . : 5

Oggetti scansionati . . . : 1.626.032
File scansionati. . . . : 17.364
Resti scansionati. . : 236.008 file / 1.372.660 chiavi

Miniport ____________________________________________________________________

Primario
DriverObject. . . : FFFFE10ABAF9E370
DriverName. . . . : \ Driver \ iaStorA
DriverPath. . . . : \ SystemRoot \ System32 \ drivers \ iaStorA.sys
StartIo. . . . . : 0000000000000000 +0
IRP_MJ_SCSI. . . : FFFFF80AAD7D8560 \ ?? \ C: \ Windows \ system32 \ drivers \ hmpalert.sys + 165216
Soluzione
DriverObject. . . : FFFFE10ABAF9E370
DriverName. . . . : \ Driver \ iaStorA
DriverPath. . . . : \ SystemRoot \ System32 \ drivers \ iaStorA.sys
StartIo. . . . . : 0000000000000000 +0
IRP_MJ_SCSI. . . : FFFFF80AAC247280 \ SystemRoot \ System32 \ drivers \ storport.sys + 29312

Documenti sospetti ____________________________________________________________

C: \ Users \ Claudio \ AppData \ Roaming \ uTorrent \ uTorrent.exe
Dimensione . . . . . . . : 2.151.864 byte
Età . . . . . . : 87,9 giorni (27-11-2017 21:02:31)
Entropia. . . . . : 8.0
SHA-256. . . . . : 6B3E21D568C9305C5AB205341C6D0F943CBEC5F8F04B67D9D7230F1F1E40F8F2
Prodotto . . . . . : μTorrent
Editore . . . : BitTorrent Inc.
Descrizione . . : μTorrent
Versione . . . . : 3.5.3.44358
Diritto d'autore . . . . : © 2018 BitTorrent, Inc. Tutti i diritti riservati.
Dimensione chiave RSA. . . : 2048
LanguageID. . . . : 1033
Authenticode. . . : Valido
Sfocato. . . . . . : 26,0
Il file è completamente nascosto dalla vista e dalla maggior parte dei prodotti antivirus. Potrebbe appartenere a un rootkit.
L'entropia (o casualità) indica che il programma è crittografato, compresso o offuscato. Questo non è tipico per la maggior parte dei programmi.
Utilizza il registro di Windows per eseguire ogni volta che l'utente accede.
Il programma si avvia automaticamente senza l'intervento dell'utente.
Il programma è firmato con un certificato Authenticode valido.
Avviare
HKU \ S-1-5-21-2929277839-300365066-2798696797-1001 \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ uTorrent
Riferimenti
C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Internet Explorer \ Avvio rapido \ Utente appuntato \ TaskBar \ μTorrent.lnk
C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Internet Explorer \ Avvio rapido \ μTorrent.lnk
C: \ Users \ Claudio \ AppData \ Roaming \ Microsoft \ Windows \ Menu Avvio \ uTorrent.lnk

[/codice]

2. ### hayc59Updates Team

Joined:
Feb 9, 2002
Posts:
2,716
Location:
USA Trump Town
Does this program install or more of a portable one?

3. ### MinimalistRegistered Member

Joined:
Jan 6, 2014
Posts:
13,203
Location:
Here
You can run it only to scan (without installation) or install it. Even if installed there is nothing running in real time, it's still on demand scanner only, but this way you can use right click option to scan files and folders.

4. ### TheblackstarRegistered Member

Joined:
Mar 27, 2016
Posts:
36
Location:
Italia
Question uTorrent: for information, by Victor Van Hillo (Hitmanpro)

"It's not a problem, default action is Ignore. We can whitelist the SHA256 in the backend. I will whitelist on Monday".

Problem solved, good weekend to all users.

5. ### KrustyRegistered Member

Joined:
Feb 3, 2012
Posts:
7,655
Location:
Among the gum trees
What was the outcome of this? I just noticed I've got 3.7 and 3.8 installed but I was fairly sure I didn't have when I was reading the older posts about it.

File size:
9.4 KB
Views:
5
6. ### cruelsisterRegistered Member

Joined:
Nov 6, 2007
Posts:
1,429
Location:
Paris
Just an observation on the current HMP version- Although the Early Bird may catch the Worm, HMP certainly does not.

7. ### Peter2150Global Moderator

Joined:
Sep 20, 2003
Posts:
20,590
Please elaborate, especially for the developers. This comment says nothing.

Thanks

8. ### cruelsisterRegistered Member

Joined:
Nov 6, 2007
Posts:
1,429
Location:
Paris
Nothing I haven't done before (and have been ignored by the Devs), but a Secondary scanner Worm shoot out may be done in April (not that anyone cares...).

9. ### Peter2150Global Moderator

Joined:
Sep 20, 2003
Posts:
20,590
There are those that care. Includes me

10. ### mattdocs12345Registered Member

Joined:
Mar 23, 2013
Posts:
1,879
Location:
US
Okay 3 days into HMPA and I like it quite a bit. Very easy on resources.

11. ### cyberlost24Registered Member

Joined:
Mar 11, 2004
Posts:
117
Are you really talking HMPA...this thread is for HMP....TWO (2) different animals!!

12. ### mattdocs12345Registered Member

Joined:
Mar 23, 2013
Posts:
1,879
Location:
US
HMPA has HMP scanner in it. But yeah, you are right wrong thread.

13. ### Hijin25Registered Member

Joined:
Jun 15, 2017
Posts:
17
Location:
México
When performing the scanner with hitmanpro, it tries to load the file em023_64.dll, belonging to ESET, to the cloud, but the load fails. I do not understand at first, because it tries to load this ESET file, which I think has to do with the virus signature, and second, because the load fails. This started to appear today, and only happens on my PC with 64-bit windows 7.

14. ### Page42Registered Member

Joined:
Jun 18, 2007
Posts:
6,385
Location:
USA
Same for me. And then there is no record of the fail. Today was first day I've encountered it. It is a new file, 10.3 MB in size. I uploaded it to Virus Total no problem.

Last edited: Mar 21, 2018
15. ### Dragon1952Registered Member

Joined:
Sep 16, 2012
Posts:
1,900
Location:
Hollow Earth - Telos
Hitmanpro gets hung up and stalls when classifying winnhlp32.exe during scan.

16. ### Stupendous ManRegistered Member

Joined:
Aug 1, 2010
Posts:
2,139
Location:
the Netherlands
Do you really mean winnhlp32.exe, or did you mean winhlp32.exe?
I don't think winnhlp32.exe is on my Windows 7 x64 system.
winhlp32.exe is classified with no issues, scanning with HMP, on my Windows 7 x64 system.
Have you tried a second time?

17. ### MinimalistRegistered Member

Joined:
Jan 6, 2014
Posts:
13,203
Location:
Here
Is this at the end of the scan? Indicator comes right to the end, but scan is not finished yet? I've had similar experience in past. It's not file scanning that is causing a problem but as I remember HMP is waiting for answer form their server. Scan indicator would stop and show last scanned file so it would seem like it's winhlp32.exe or any other file that was last scanned.

18. ### Dragon1952Registered Member

Joined:
Sep 16, 2012
Posts:
1,900
Location:
Hollow Earth - Telos
I thought the scan might be waiting for something from the server or cloud, but it stalled for 2 or 3 minutes so i canceled the scan. I started the scan again and the same thing happened so i canceled the scan again after a few minutes. It stalled on a known file, so i thought that maybe the cloud was busy and backed up with work.

19. ### Dragon1952Registered Member

Joined:
Sep 16, 2012
Posts:
1,900
Location:
Hollow Earth - Telos
I just scanned again for a third time and it did not get hung up and ended in 47 seconds this time. Not sure if the file was win or winn. I did a google search on winn so that is what it looked like to me, because i doubled checked the spelling before i searched for it.

20. ### Nicodemus75Registered Member

Joined:
Apr 29, 2018
Posts:
1
Location:
Isla de Muerte
Attempted to run a scan with Hitman Pro, it begins the scan for a few seconds (5) and crashes.

Win 7 Ultimate 64 bit

I've looked a bit through the forums, and I see that others have had crashes, but I couldn't find any like this. I have tried from local HDDs and from USB. Same crash occurs.https://imgur.com/c0B1DGf
Any help?

21. ### ronald739Registered Member

Joined:
Nov 9, 2011
Posts:
123
Location:
Australia
I know it is a new Win 10 build, thought I let the Dev's know.

After upgrading to Win 10X64 1803 / 17134.1 I'm getting a Suspicious File on "C:\WINDOWS\system32\svchost.exe".

Code:
HitmanPro 3.8.0.292
www.hitmanpro.com
Computer name . . . . : ASUS-DESKTOP
Windows . . . . . . . : 10.0.0.17134.X64/4
User name . . . . . . : ASUS-DESKTOP\ronal
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2018-05-01 17:38:46
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 13s
Disk access mode  . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot  . . . . . . . : No
Threats . . . . . . . : 0
Traces  . . . . . . . : 302
Objects scanned . . . : 1,802,551
Files scanned . . . . : 27,121
Remnants scanned  . . : 626,475 files / 1,148,955 keys
Suspicious files ____________________________________________________________
C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2,404,352 bytes
Age  . . . . . . . : 6.2 days (2018-04-25 13:23:50)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 1E9E66BD822F45313889F5E7E4C86E8076AEB92A578EC68C75A53A693B3E5436
Needs elevation  . : Yes
Fuzzy  . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.3s C:\Windows.old\Windows\Prefetch\PICKERHOST.EXE-B8A68B3C.pf
0.0s C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
0.0s C:\Users\ronal\Desktop\FRST64.exe
2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\B188CB15620CB5A9CD7E5AB985271159
C:\Users\ronal\Desktop\FRST64.exe
Size . . . . . . . : 2,405,888 bytes
Age  . . . . . . . : 6.2 days (2018-04-25 13:23:50)
Entropy  . . . . . : 7.6
SHA-256  . . . . . : 94625159B98EE547433B2007873C5D5280C8AC861957F6532AB3DE55C13E7362
Needs elevation  . : Yes
Fuzzy  . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.3s C:\Windows.old\Windows\Prefetch\PICKERHOST.EXE-B8A68B3C.pf
0.0s C:\Users\ronal\Desktop\FRST-OlderVersion\FRST64.exe
0.0s C:\Users\ronal\Desktop\FRST64.exe
2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\B188CB15620CB5A9CD7E5AB985271159
C:\WINDOWS\system32\svchost.exe
Size . . . . . . . : 51,288 bytes
Age  . . . . . . . : 0.2 days (2018-05-01 12:11:16)
Entropy  . . . . . : 6.1
SHA-256  . . . . . : C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69
Product  . . . . . : Microsoft® Windows® Operating System
Publisher  . . . . : Microsoft Corporation
Description  . . . : Host Process for Windows Services
Version  . . . . . : 10.0.17134.1
Copyright  . . . . : © Microsoft Corporation. All rights reserved.
RSA Key Size . . . : 2048
Service  . . . . . : WpnUserService_35ea5
Process Type . . . : Critical
LanguageID . . . . : 1033
Authenticode . . . : Valid
Running processes  : 340, 544, 900, 912, 928, 1124, 1164, 1336, 1356, 1472, 1480, 1524, 1536, 1544, 1560, 1576, 1652, 1752, 1804, 1824, 1832, 1896, 2084, 2188, 2196, 2204, 2224, 2252, 2300, 2332, 2344, 2548, 2620, 2632, 2664, 2752, 3112, 3240, 3256, 3272, 3336, 3356, 3404, 3476, 3504, 3524, 3680, 3936, 3968, 4024, 4028, 4080, 5628, 5952, 6032, 6156, 6184, 6808, 7196, 7744, 8336, 8848, 9372, 9556, 9644, 9984, 10080
Fuzzy  . . . . . . : 26.0
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
This program is actively listening for inbound network connections.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
This file's process is marked as system critical.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_35ea5\
HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_35ea5\
HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\MessagingService_35ea5\
HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_35ea5\
HKLM\SYSTEM\ControlSet001\Services\WpnUserService_35ea5\
HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\
HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\
HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\
HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\
HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\
HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\
HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService\
HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\
HKLM\SYSTEM\CurrentControlSet\Services\BFE\
HKLM\SYSTEM\CurrentControlSet\Services\BITS\
HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService\
HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
HKLM\SYSTEM\CurrentControlSet\Services\Browser\
HKLM\SYSTEM\CurrentControlSet\Services\BTAGService\
HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc\
HKLM\SYSTEM\CurrentControlSet\Services\bthserv\
HKLM\SYSTEM\CurrentControlSet\Services\camsvc\
HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\
HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc\
HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\
HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\
HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\
HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\
HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\
HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc\
HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\
HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
HKLM\SYSTEM\CurrentControlSet\Services\diagsvc\
HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\
HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
HKLM\SYSTEM\CurrentControlSet\Services\DoSvc\
HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\
HKLM\SYSTEM\CurrentControlSet\Services\DPS\
HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc\
HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\
HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\
HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\
HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode\
HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc\
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\
HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\
HKLM\SYSTEM\CurrentControlSet\Services\fdPHost\
HKLM\SYSTEM\CurrentControlSet\Services\FDResPub\
HKLM\SYSTEM\CurrentControlSet\Services\fhsvc\
HKLM\SYSTEM\CurrentControlSet\Services\FontCache\
HKLM\SYSTEM\CurrentControlSet\Services\FrameServer\
HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\
HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\
HKLM\SYSTEM\CurrentControlSet\Services\hidserv\
HKLM\SYSTEM\CurrentControlSet\Services\HvHost\
HKLM\SYSTEM\CurrentControlSet\Services\icssvc\
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\
HKLM\SYSTEM\CurrentControlSet\Services\InstallService\
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\
HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\
HKLM\SYSTEM\CurrentControlSet\Services\irmon\
HKLM\SYSTEM\CurrentControlSet\Services\KtmRm\
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\
HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\
HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\
HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc\
HKLM\SYSTEM\CurrentControlSet\Services\lmhosts\
HKLM\SYSTEM\CurrentControlSet\Services\LSM\
HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc\
HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker\
HKLM\SYSTEM\CurrentControlSet\Services\MessagingService\
HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\
HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\
HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\
HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc\
HKLM\SYSTEM\CurrentControlSet\Services\NcbService\
HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup\
HKLM\SYSTEM\CurrentControlSet\Services\Netman\
HKLM\SYSTEM\CurrentControlSet\Services\netprofm\
HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc\
HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\
HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc\
HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\
HKLM\SYSTEM\CurrentControlSet\Services\nsi\
HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\
HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\
HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\
HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\
HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\
HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\
HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\pla\
HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\
HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\
HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\
HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\
HKLM\SYSTEM\CurrentControlSet\Services\Power\
HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify\
HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc\
HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc\
HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall\
HKLM\SYSTEM\CurrentControlSet\Services\QWAVE\
HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\
HKLM\SYSTEM\CurrentControlSet\Services\RasMan\
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\
HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo\
HKLM\SYSTEM\CurrentControlSet\Services\RmSvc\
HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper\
HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\
HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\
HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\
HKLM\SYSTEM\CurrentControlSet\Services\Schedule\
HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\
HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC\
HKLM\SYSTEM\CurrentControlSet\Services\seclogon\
HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc\
HKLM\SYSTEM\CurrentControlSet\Services\SENS\
HKLM\SYSTEM\CurrentControlSet\Services\SensorService\
HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\
HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
HKLM\SYSTEM\CurrentControlSet\Services\SharedRealitySvc\
HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc\
HKLM\SYSTEM\CurrentControlSet\Services\smphost\
HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\
HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\
HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\
HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\
HKLM\SYSTEM\CurrentControlSet\Services\stisvc\
HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\
HKLM\SYSTEM\CurrentControlSet\Services\svsvc\
HKLM\SYSTEM\CurrentControlSet\Services\swprv\
HKLM\SYSTEM\CurrentControlSet\Services\SysMain\
HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\
HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService\
HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\
HKLM\SYSTEM\CurrentControlSet\Services\TermService\
HKLM\SYSTEM\CurrentControlSet\Services\Themes\
HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\
HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker\
HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\
HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate\
HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService\
HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\
HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\upnphost\
HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\
HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\UserManager\
HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\
HKLM\SYSTEM\CurrentControlSet\Services\VacSvc\
HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\
HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\
HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\
HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\
HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\
HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\
HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\
HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\
HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\
HKLM\SYSTEM\CurrentControlSet\Services\WalletService\
HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc\
HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc\
HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\
HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\
HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost\
HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost\
HKLM\SYSTEM\CurrentControlSet\Services\WebClient\
HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc\
HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\
HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport\
HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\
HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\
HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc\
HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\
HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
HKLM\SYSTEM\CurrentControlSet\Services\WinRM\
HKLM\SYSTEM\CurrentControlSet\Services\wisvc\
HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\
HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\
HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc\
HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc\
HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc\
HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum\
HKLM\SYSTEM\CurrentControlSet\Services\WpnService\
HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService\
HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f62e\
HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\
HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\
HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager\
HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave\
HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc\
HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\
Network Ports
0.0.0.0:135
0.0.0.0:49665
0.0.0.0:49666
0.0.0.0:5040
0.0.0.0:7680
192.168.0.2:50050 13.89.187.212:443
192.168.0.2:50188 52.175.18.194:443
192.168.0.2:50190 52.175.18.194:443
192.168.0.2:50191 52.175.18.194:443
192.168.0.2:50218 109.70.240.130:80
192.168.0.2:50244 109.70.240.130:80



22. ### Mac29Registered Member

Joined:
Apr 19, 2018
Posts:
21
Location:
FL
I just installed but can find no way to verify it's actually (also) scanning flashdrives. Haven't found that in a search of the forum and really want to know that HM Pro is scanning my flashdrives. During a scan all I see are files after C: and later just "files".

Having recently learned of VirusTotal, I'll consider my systems clean after AV, Malwarebytes and a 3rd swipe using Hitman.

Any feedback would be appreciated.

Thanks,

Mac

23. ### MinimalistRegistered Member

Joined:
Jan 6, 2014
Posts:
13,203
Location:
Here
What about context menu scan? Can you right click on flash drive letter and choose scan with HitmanPro?

24. ### paulderdashRegistered Member

Joined:
Dec 27, 2013
Posts:
3,880
Location:
Under a bushel ...
I think the default HMP scan only scans the system drive, and there seems to be no option / setting to scan all / other drives. But someone like @Stupendous Man will have to confirm.
Not the drive, but folders / files therein.

25. ### Stupendous ManRegistered Member

Joined:
Aug 1, 2010
Posts:
2,139
Location:
the Netherlands
To my knowledge, HMP scan only scans the system drive, and there is no setting to scan other drives, except for the context menu scan option.
If there would be some other option, I hope @erikloman, @markloman, or @RonnyT can tell.