Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (18-10-2016 19:10:57) Run:3
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {5DED1EFB-8D6D-437C-9EAF-C0E92C28CBA3} - \WPD\SqmUpload_S-1-5-21-77165034-2136077583-516565766-1001 -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-77165034-2136077583-516565766-1001\...\MountPoints2: {541b5266-d228-11e5-829f-90489af22290} - "E:\WD SmartWare.exe" autoplay=true
CMD: type "C:\ProgramData\HitmanPro\Logs\Hitman*.log"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DED1EFB-8D6D-437C-9EAF-C0E92C28CBA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DED1EFB-8D6D-437C-9EAF-C0E92C28CBA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-77165034-2136077583-516565766-1001" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKU\S-1-5-21-77165034-2136077583-516565766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{541b5266-d228-11e5-829f-90489af22290}" => key removed successfully
HKCR\CLSID\{541b5266-d228-11e5-829f-90489af22290} => key not found.

========= type "C:\ProgramData\HitmanPro\Logs\Hitman*.log" ========= C:\ProgramData\HitmanPro\Logs\HitmanPro_20150221_2355.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2015-02-21 23:45:24 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 2 Traces . . . . . . . : 68 Objects scanned . . . : 1,714,044 Files scanned . . . . : 40,878 Remnants scanned . . : 439,544 files / 1,233,622 keys Malware _____________________________________________________________________ C:\Users\USER\Downloads\download-windows-movie-maker (1).exe -> Quarantined Size . . . . . . . : 658,312 bytes Age . . . . . . . : 6.1 days (2015-02-15 20:30:42) Entropy . . . . . : 7.0 SHA-256 . . . . . : 8DCB6636256C533D4EA9476D85F4DBD3E567B15F85E9E2471098E3AF388C4219 RSA Key Size . . . : 2048 Authenticode . . . : Self-signed > Kaspersky . . . . : not-a-virus:Downloader.Win32.DownloadHelper.a Fuzzy . . . . . . 
: 111.0 Forensic Cluster 0.0s C:\Users\USER\Downloads\download-windows-movie-maker (1).exe 1.6s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a130 1.7s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a131 1.8s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a132 4.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2FAC8CE285C8CD9FC7F992BFE39C4D46_CEE544465F7573294E2074C5F4EC5929 4.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2FAC8CE285C8CD9FC7F992BFE39C4D46_CEE544465F7573294E2074C5F4EC5929 4.4s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a133 5.1s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a134 6.8s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a135 6.9s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a136 7.2s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a137 7.3s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a138 9.2s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a139 9.2s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13a 12.7s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13b 39.0s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13c 39.3s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13d 39.5s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13e 39.5s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a13f 39.5s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a140 39.6s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a141 39.6s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a142 39.6s 
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a143 39.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AA3321A15A787985201D7A6820782F0_4E35DE6F4FCFB7BE2C045F6B5ED89FC8 39.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AA3321A15A787985201D7A6820782F0_4E35DE6F4FCFB7BE2C045F6B5ED89FC8 39.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_F6B87461FD8410E117804A8254501C39 39.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E82ACDA9F5169E971D6B19B65E168F2A_F6B87461FD8410E117804A8254501C39 39.9s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a144 40.7s C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1b03f0345bff7fcc585a9c081639840_49014ff0-e7b0-488a-a3f9-c790c742f8a3 40.7s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a145 45.3s C:\Users\USER\Downloads\wlsetup-web.exe C:\Users\USER\Downloads\download-windows-movie-maker.exe -> Quarantined Size . . . . . . . : 658,312 bytes Age . . . . . . . : 6.1 days (2015-02-15 20:27:46) Entropy . . . . . : 7.0 SHA-256 . . . . . : 6CEB14FFFCA26F3E4444F6C5A6CF0E074539A54D823D44F75F12E51D0205345E RSA Key Size . . . : 2048 Authenticode . . . : Self-signed > Kaspersky . . . . : not-a-virus:Downloader.Win32.DownloadHelper.a Fuzzy . . . . . . 
: 111.0 Forensic Cluster -6.1s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12a -4.3s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12b -3.7s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12c -3.1s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12d -2.9s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12e -2.5s C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a12f 0.0s C:\Users\USER\Downloads\download-windows-movie-maker.exe Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon) -> Deleted HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon) -> Deleted HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon) -> Deleted HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon) -> PendingDelete Cookies _____________________________________________________________________ 
[/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150222_1012.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (29 days left) Scan date . . . . . . : 2015-02-22 10:09:23 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,003 Files scanned . . . . : 5,003 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 153.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5760 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. 
The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150222_1218.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (29 days left) Scan date . . . . . . : 2015-02-22 12:16:05 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,949 Files scanned . . . . : 4,949 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150223_1711.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (28 days left) Scan date . . . . . . : 2015-02-23 16:55:20 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 55s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,045 Files scanned . . . . : 5,045 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 154.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3096 Fuzzy . . . . . . 
: 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150226_2055.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (25 days left) Scan date . . . . . . : 2015-02-26 20:48:00 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,011 Files scanned . . . . : 5,011 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 158.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2760 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). 
Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150227_1351.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (24 days left) Scan date . . . . . . : 2015-02-27 13:47:17 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 13s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,075 Files scanned . . . . : 5,075 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 158.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5576 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. 
The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150228_0919.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (23 days left) Scan date . . . . . . : 2015-02-28 09:14:50 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 31s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,114 Files scanned . . . . : 5,114 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 159.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6208 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150301_0816.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . 
. . . . . . . . : Disabled License . . . . . . . : Trial (22 days left) Scan date . . . . . . : 2015-03-01 08:12:19 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,227 Files scanned . . . . : 5,227 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 160.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4008 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150301_1811.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (22 days left) Scan date . . . . . . : 2015-03-01 18:08:59 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . 
: 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,064 Files scanned . . . . : 5,064 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150306_2054.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (17 days left) Scan date . . . . . . : 2015-03-06 20:51:51 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 53s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,945 Files scanned . . . . : 4,945 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150307_1520.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (16 days left) Scan date . . . . . . : 2015-03-07 15:16:45 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,125 Files scanned . . . . : 5,125 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 166.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6728 Fuzzy . . . . . . 
: 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150307_1714.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (16 days left) Scan date . . . . . . : 2015-03-07 17:13:16 Scan mode . . . . . . : Quick Scan duration . . . . : 1m 43s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,038 Files scanned . . . . : 5,038 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150308_1346.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (15 days left) Scan date . . . . . . : 2015-03-08 13:43:23 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 5s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,069 Files scanned . . . . : 5,069 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150313_2100.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . 
: DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (10 days left) Scan date . . . . . . : 2015-03-13 20:56:02 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 54s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,022 Files scanned . . . . : 5,022 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150318_2046.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (5 days left) Scan date . . . . . . : 2015-03-18 20:38:16 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 20s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,045 Files scanned . . . . : 5,045 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 178.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1712 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150321_2105.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (2 days left) Scan date . . . . . . : 2015-03-21 21:03:13 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,960 Files scanned . . . . : 4,960 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 181.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1200 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150322_0814.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (1 days left) Scan date . . . . . . : 2015-03-22 08:08:59 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 51s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,009 Files scanned . . . . : 5,009 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150324_1245.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-03-24 12:42:35 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 39s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,052 Files scanned . . . . : 5,052 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150325_2058.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-03-25 20:55:14 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 20s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,999 Files scanned . . . . : 4,999 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150326_1921.log [code] HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-03-26 19:18:23 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,082 Files scanned . . . . : 5,082 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150328_2049.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-03-28 20:45:09 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 13s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,054 Files scanned . . . . : 5,054 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150402_2235.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-02 22:32:19 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,934 Files scanned . . . . : 4,934 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150403_1129.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-03 11:26:28 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 43s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,993 Files scanned . . . . : 4,993 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150406_1602.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-06 15:59:33 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 52s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,005 Files scanned . . . . : 5,005 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150407_1454.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-07 14:51:07 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 28s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,026 Files scanned . . . . : 5,026 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150408_0849.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-08 08:47:25 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,106 Files scanned . . . . : 5,106 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150408_1341.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-08 13:38:11 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 14s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,997 Files scanned . . . . : 4,997 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150410_2154.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-10 21:49:30 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,990 Files scanned . . . . : 4,990 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150411_2002.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-11 19:59:19 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,041 Files scanned . . . . : 5,041 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 202.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3908 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150419_1207.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . 
. . . . : 2015-04-19 11:58:00 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 22s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,107 Files scanned . . . . : 5,107 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 209.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7864 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150419_1434.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-19 14:30:43 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,858 Files scanned . . . . 
: 4,858 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150420_2008.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-20 20:05:06 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 32s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 4,954 Files scanned . . . . : 4,954 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 211.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1044 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150423_2045.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-23 20:41:16 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,209 Files scanned . . . . : 5,209 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150424_2105.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-24 20:59:44 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,980 Files scanned . . . . : 4,980 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150425_2015.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-25 20:13:13 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,132 Files scanned . . . . : 5,132 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150426_1117.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . 
: DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-26 10:36:21 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,014 Files scanned . . . . : 5,014 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 216.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1128 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150426_1945.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-26 19:42:03 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 53s Disk access mode . . 
: Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,020 Files scanned . . . . : 5,020 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150428_1934.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-04-28 19:29:48 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 39s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,143 Files scanned . . . . : 5,143 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150502_2133.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-02 21:29:57 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 20s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,088 Files scanned . . . . : 5,088 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150503_2112.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-03 21:04:16 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 31s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . 
. : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,211 Files scanned . . . . : 5,211 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 224.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6752 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150505_1905.log [code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-05 19:03:22 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,097 Files scanned . . . . : 5,097 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150510_1649.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-10 16:47:42 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,091 Files scanned . . . . : 5,091 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150516_2018.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-16 19:50:59 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 4s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,173 Files scanned . . . . : 5,173 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 237.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4344 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150517_1604.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-17 15:55:44 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,198 Files scanned . . . . : 5,198 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150518_2139.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-18 21:34:29 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 33s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,052 Files scanned . . . . : 5,052 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 239.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1768 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150520_2114.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-20 21:11:00 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,013 Files scanned . . . . : 5,013 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150521_2128.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-21 21:23:30 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 52s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . 
: 0 Objects scanned . . . : 5,021 Files scanned . . . . : 5,021 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150523_2005.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-23 19:57:15 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,967 Files scanned . . . . : 4,967 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150524_0718.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-24 07:16:16 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,030 Files scanned . . . . : 5,030 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150524_1949.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-24 19:42:16 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . 
: 4,982 Files scanned . . . . : 4,982 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 245.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1984 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150529_1719.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-29 17:17:10 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,040 Files scanned . . . . : 5,040 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150530_1704.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . 
: Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-30 16:56:18 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,069 Files scanned . . . . : 5,069 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 250.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7056 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150531_1636.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-31 16:29:17 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . 
: 7 Objects scanned . . . : 5,028 Files scanned . . . . : 5,028 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Users\USER\AppData\Local\Temp\iqepahav.exe Size . . . . . . . : 1,177,088 bytes Age . . . . . . . : -0.0 days (2015-05-31 16:28:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : E4C6DB60F16F4ECE4A75E2A984848BE1461B534D818A2F2F892E50FA615F78B7 Product . . . . . : Free YouTube Downloader Publisher . . . . : How, Inc Description . . . : Free YouTube Downloader Setup Program Version . . . . . : 4.0 Copyright . . . . : How Inc. RSA Key Size . . . : 2048 Desktop . . . . . : Default Parent Name . . . : C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe LanguageID . . . . : 1033 Authenticode . . . : Valid Running processes : 7164 > Kaspersky . . . . : not-a-virus:Downloader.Win32.Agent.djbe Fuzzy . . . . . . : 101.0 Network Ports 192.168.1.105:59100 74.125.203.101:80 192.168.1.105:59105 203.69.141.34:80 192.168.1.105:59107 108.162.203.99:80 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150531_1719.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-05-31 17:13:25 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,039 Files scanned . . . . : 5,039 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 251.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1644 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150601_2014.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-01 20:05:57 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 0s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,155 Files scanned . . . . : 5,155 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 253.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1760 Fuzzy . . . . . . 
: 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150602_1609.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-02 16:07:08 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,020 Files scanned . . . . : 5,020 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150606_1741.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-06 17:35:21 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,096 Files scanned . . . . : 5,096 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150607_1450.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . 
: DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-07 14:48:19 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 32s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,063 Files scanned . . . . : 5,063 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150607_2025.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-07 20:20:41 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,045 Files scanned . . . . : 5,045 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 259.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 588 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. 
Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150608_1610.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-08 16:07:37 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,031 Files scanned . . . . : 5,031 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150609_1945.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-09 19:42:33 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,061 Files scanned . . . . : 5,061 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150611_1337.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-11 13:33:55 Scan mode . . . . . . : Quick Scan duration . . . . 
: 3m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,065 Files scanned . . . . : 5,065 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150611_1456.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-11 14:49:41 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,958 Files scanned . . . . : 4,958 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 262.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1676 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150611_2006.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-11 20:04:27 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 4s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,929 Files scanned . . . . : 4,929 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150612_0730.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-12 07:27:48 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 4,953 Files scanned . . . . : 4,953 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 263.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 732 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150612_1838.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-12 18:35:40 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,089 Files scanned . . . . : 5,089 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150612_2047.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-12 20:45:24 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 4s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,062 Files scanned . . . . : 5,062 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150613_1939.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-13 19:33:24 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,019 Files scanned . . . . : 5,019 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150614_2018.log [code] HitmanPro 3.7.9.241 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-14 20:15:33 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 25s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,042 Files scanned . . . . : 5,042 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150618_2026.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-18 20:23:28 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 39s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,053 Files scanned . . . . : 5,053 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150619_1019.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . 
: DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-19 10:16:34 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,095 Files scanned . . . . : 5,095 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 270.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2484 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150620_1021.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-20 10:17:50 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 33s Disk access mode . . 
: Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,068 Files scanned . . . . : 5,068 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 271.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7812 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150621_0840.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-21 08:37:47 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 33s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,088 Files scanned . . . . : 5,088 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 272.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6084 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150621_1322.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-21 13:18:39 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,078 Files scanned . . . . : 5,078 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150623_2004.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . 
: DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-23 20:00:14 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 29s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,060 Files scanned . . . . : 5,060 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150623_2135.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-23 21:29:58 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,934 Files scanned . . . . : 4,934 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150625_2028.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-25 20:22:15 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,993 Files scanned . . . . : 4,993 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150626_1832.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . 
: Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-26 18:25:23 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,130 Files scanned . . . . : 5,130 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 277.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6784 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150630_2111.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-06-30 21:04:55 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . 
: 3 Objects scanned . . . : 5,040 Files scanned . . . . : 5,040 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 282.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5700 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150705_1527.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-05 15:23:12 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,016 Files scanned . . . . : 5,016 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150707_1958.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . 
: DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-07 19:54:44 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,228 Files scanned . . . . : 5,228 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150711_2021.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-11 20:13:58 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,128 Files scanned . . . . : 5,128 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 293.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1552 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. 
Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150712_0940.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-12 09:35:14 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,121 Files scanned . . . . : 5,121 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 293.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3756 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150717_1446.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-17 14:39:46 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 8s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,095 Files scanned . . . . : 5,095 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150717_2154.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-17 21:47:54 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 40s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,987 Files scanned . . . . : 4,987 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 299.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1688 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150718_0832.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-07-18 08:11:08 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,999 Files scanned . . . . : 4,999 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 299.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1744 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150809_2136.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . 
. : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-09 21:29:14 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,160 Files scanned . . . . : 5,160 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 322.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1676 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150810_2053.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-10 20:49:11 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 34s Disk access mode . . : Direct disk access (SRB) Cloud . . 
. . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,185 Files scanned . . . . : 5,185 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 323.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5604 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150811_1057.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-11 10:49:24 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,069 Files scanned . . . . : 5,069 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 323.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4500 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150812_2047.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-12 20:37:43 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 11s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,246 Files scanned . . . . : 5,246 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 325.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2404 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150813_1914.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-13 19:07:58 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,967 Files scanned . . . . : 4,967 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 326.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 1664 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150814_1712.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-14 17:04:42 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,130 Files scanned . . . . : 5,130 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 326.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 17308 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150815_0831.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-15 08:28:08 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 53s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,047 Files scanned . . . . : 5,047 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 327.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 19220 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150818_2005.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-18 19:57:44 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 4,939 Files scanned . . . . : 4,939 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150819_1742.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-19 17:36:47 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,170 Files scanned . . . . : 5,170 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 331.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5848 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150821_2041.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-21 20:38:15 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 28s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,203 Files scanned . . . . : 5,203 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 334.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3400 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150822_0718.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-22 07:15:30 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 0s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,037 Files scanned . . . . : 5,037 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150822_2107.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-22 21:04:10 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,067 Files scanned . . . . : 5,067 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150823_1404.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-23 14:00:54 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . 
. . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,066 Files scanned . . . . : 5,066 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 335.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3744 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150823_2232.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-23 21:53:54 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 5 Objects scanned . . . : 4,964 Files scanned . . . . : 4,964 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Users\USER\AppData\Local\Temp\WAX5E73.tmp Size . . . . . . . : 892,928 bytes Age . . . . . . . : -0.0 days (2015-08-23 21:52:41) Entropy . . . . . : 1.7 SHA-256 . . . . . : F42D2C2FCFC1E18173FCE8F687E27FA9FD7B73823C7B85B77D73B4AF768E757A Fuzzy . . . . . . : 22.0 Time indicates that the file appeared recently on this computer. The file name extension of this program is not common. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. File resides in a temporary folder. This is not typical for most programs. The file is in use by one or more active processes. C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 336.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1652 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150825_1917.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-25 19:13:05 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 53s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,010 Files scanned . . . . : 5,010 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150825_2038.log [code] HitmanPro 3.7.9.242 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-25 20:20:49 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 4,913 Files scanned . . . . : 4,913 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 338.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1688 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150829_2037.log [code] HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-29 20:32:35 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,123 Files scanned . . . . : 5,123 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150830_2150.log [code] HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-08-30 21:44:48 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,059 Files scanned . . . . : 5,059 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 343.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 5672 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20150901_2058.log [code] HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-09-01 20:38:44 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 6 Objects scanned . . . : 5,093 Files scanned . . . . : 5,093 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 345.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4484 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. 
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
      Network Ports
         0.0.0.0:1688

   C:\Windows\system32\drivers\aswRvrt.sys
      Size . . . . . . . : 65,736 bytes
      Age . . . . . . . : -0.0 days (2015-09-01 20:40:40)
      Entropy . . . . . : 6.2
      SHA-256 . . . . . : A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8
      Fuzzy . . . . . . : 52.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\aswVmm.sys
      Size . . . . . . . : 272,248 bytes
      Age . . . . . . . : -0.0 days (2015-09-01 20:40:40)
      Entropy . . . . . : 5.4
      SHA-256 . . . . . : 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9
      Fuzzy . . . . . . : 52.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150901_2108.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-01 21:05:21
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 3m 12s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,039
   Files scanned . . . . : 5,039
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150903_2114.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-03 21:09:46
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 31s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,034
   Files scanned . . . . : 5,034
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150905_2035.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-05 20:28:28
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 6m 28s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 4
   Objects scanned . . . : 5,216
   Files scanned . . . . : 5,216
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 349.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 2848
      Fuzzy . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         This program is actively listening for inbound network connections.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
      Network Ports
         0.0.0.0:1688
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150906_1607.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-06 16:05:19
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 2m 25s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,048
   Files scanned . . . . : 5,048
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150906_2117.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-06 21:14:16
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 3m 1s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,094
   Files scanned . . . . : 5,094
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150908_2000.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-08 19:39:50
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 43s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 4
   Objects scanned . . . : 5,091
   Files scanned . . . . : 5,091
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 352.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 4576
      Fuzzy . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         This program is actively listening for inbound network connections.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
      Network Ports
         0.0.0.0:1688
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150909_1910.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-09 19:05:11
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 5m 45s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,109
   Files scanned . . . . : 5,109
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150911_1901.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-11 18:52:32
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 9m 18s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,249
   Files scanned . . . . : 5,249
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 354.9 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 6340
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150913_2109.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-13 21:03:45
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 5m 38s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 4,954
   Files scanned . . . . : 4,954
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150914_2006.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-14 19:59:35
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 18s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,091
   Files scanned . . . . : 5,091
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 358.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 3692
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150918_1839.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-18 18:32:06
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 15s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,158
   Files scanned . . . . : 5,158
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 361.9 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 1472
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150919_1500.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-19 14:50:32
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 10m 4s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,121
   Files scanned . . . . : 5,121
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 362.8 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 4632
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150919_1846.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-19 18:41:47
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 15s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,115
   Files scanned . . . . : 5,115
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150919_2247.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-19 22:40:05
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 4,939
   Files scanned . . . . : 4,939
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 363.1 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 1744
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150920_2045.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-20 20:42:14
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 3m 2s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,009
   Files scanned . . . . : 5,009
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150922_2027.log
[code]
HitmanPro 3.7.9.245
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-22 20:22:33
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,075
   Files scanned . . . . : 5,075
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 366.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 5620
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150926_1834.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-26 18:27:05
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 6m 59s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,227
   Files scanned . . . . : 5,227
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150927_1102.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-27 10:53:24
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 8m 48s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,137
   Files scanned . . . . : 5,137
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 370.6 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 7584
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150928_1019.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-28 10:11:12
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 55s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,173
   Files scanned . . . . : 5,173
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 371.6 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 1772
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150928_1557.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-28 15:54:47
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 2m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 4,946
   Files scanned . . . . : 4,946
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20150930_2158.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-09-30 21:50:03
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 8m 30s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,004
   Files scanned . . . . : 5,004
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151001_2038.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-01 20:34:50
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 1s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,027
   Files scanned . . . . : 5,027
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151004_0017.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-03 20:22:56
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 6m 2s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,095
   Files scanned . . . . : 5,095
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 377.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 3708
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151004_1923.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-04 19:17:46
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 6m 1s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,091
   Files scanned . . . . : 5,091
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 378.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 5076
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151005_2130.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-05 21:25:38
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 5m 10s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 3
   Objects scanned . . . : 5,162
   Files scanned . . . . : 5,162
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 379.1 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 3816
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151006_2016.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-06 20:09:39
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 6m 50s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,118
   Files scanned . . . . : 5,118
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151008_2153.log
[code]
HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-08 21:02:55
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 11m 16s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 4
   Objects scanned . . . : 5,120
   Files scanned . . . . : 5,120
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 382.0 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344
      Needs elevation . : Yes
      Product . . . . . : AutoKMS
      Parent Name . . . : C:\Windows\system32\svchost.exe
      LanguageID . . . . : 0
      Running processes : 3136
      Fuzzy . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         This program is actively listening for inbound network connections.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         C:\Windows\system32\Tasks\AutoKMS
      Network Ports
         0.0.0.0:1688
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151008_2340.log
[code]
HitmanPro 3.7.10.248
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-08 23:36:17
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 19s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,108
   Files scanned . . . . : 5,108
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151009_1536.log
[code]
HitmanPro 3.7.10.248
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-09 15:30:49
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 5m 47s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,126
   Files scanned . . . . : 5,126
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151011_1444.log
[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-11 14:41:13
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 3m 45s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,384
   Files scanned . . . . : 5,384
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151011_1656.log
[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-11 16:51:41
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 23s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,111
   Files scanned . . . . : 5,111
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151011_1958.log
[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-11 19:56:01
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 2m 54s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 0
   Objects scanned . . . : 5,109
   Files scanned . . . . : 5,109
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151013_2109.log
[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-13 21:05:02
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 4m 49s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 1
   Objects scanned . . . : 5,152
   Files scanned . . . . : 5,152
   Remnants scanned . . : 0 files / 0 keys

Repairs _____________________________________________________________________

   No connection to Scan Cloud
      Check your firewall settings and allow HitmanPro.exe to access the Internet.
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20151021_2317.log
[code]
HitmanPro 3.7.10.250
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2015-10-21 23:02:14
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 41s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No
   Threats . . . . . . . : 0
   Traces . . . . . . . : 4
   Objects scanned . . . : 4,941
   Files scanned . . . . : 4,941
   Remnants scanned . . : 0 files / 0 keys

Suspicious files ____________________________________________________________

   C:\Windows\AutoKMS\AutoKMS.exe
      Size . . . . . . . : 3,732,480 bytes
      Age . . . . . . . : 395.1 days (2014-09-21 19:59:36)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1820 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Repairs _____________________________________________________________________ No connection to Scan Cloud Check your firewall settings and allow HitmanPro.exe to access the Internet. [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151022_2117.log [code] HitmanPro 3.7.10.250 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-10-22 21:11:20 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 10s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,078 Files scanned . . . . : 5,078 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 396.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . 
. : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4416 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151028_1939.log [code] HitmanPro 3.7.10.250 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-10-28 19:28:58 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,189 Files scanned . . . . : 5,189 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 402.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3608 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). 
Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151028_2126.log [code] HitmanPro 3.7.10.250 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-10-28 21:20:44 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,001 Files scanned . . . . : 5,001 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151101_0046.log [code] HitmanPro 3.7.10.250 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-01 00:36:34 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 54s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,172 Files scanned . . . . : 5,172 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151104_1916.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-04 19:09:38 Scan mode . . . . . 
. : Quick Scan duration . . . . : 6m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,172 Files scanned . . . . : 5,172 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151107_1635.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-07 16:27:39 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 40s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,057 Files scanned . . . . : 5,057 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151108_1428.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-08 14:21:32 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,134 Files scanned . . . . : 5,134 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151110_2028.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-10 20:19:56 Scan mode . . . . . . : Quick Scan duration . . . . 
: 8m 1s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,170 Files scanned . . . . : 5,170 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 415.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5936 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151114_1932.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-14 19:19:24 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,163 Files scanned . . . . : 5,163 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 419.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6148 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151117_1956.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-17 19:43:58 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,189 Files scanned . . . . : 5,189 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 422.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1296 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151120_2048.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-20 20:41:59 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,293 Files scanned . . . . : 5,293 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 425.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 6624 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151122_1918.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-22 19:09:12 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 29s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,087 Files scanned . . . . : 5,087 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 427.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1848 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151127_2204.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-27 21:57:27 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,185 Files scanned . . . . : 5,185 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 432.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2660 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151130_0920.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-11-29 21:25:26 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,209 Files scanned . . . . : 5,209 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 434.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 32 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151201_1856.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . 
: Trial (Expired) Scan date . . . . . . : 2015-12-01 18:40:38 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,216 Files scanned . . . . : 5,216 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 435.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 26536 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151201_2154.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-01 21:51:04 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 1s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . 
: 4,981 Files scanned . . . . : 4,981 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151202_2045.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-02 20:39:15 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 57s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,976 Files scanned . . . . : 4,976 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 437.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3304 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151204_1452.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . 
: Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-04 14:46:40 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 31s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,026 Files scanned . . . . : 5,026 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 438.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6000 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151205_2108.log [code] HitmanPro 3.7.10.251 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-05 20:59:35 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 10s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . 
: 3 Objects scanned . . . : 5,076 Files scanned . . . . : 5,076 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 440.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4112 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151218_2342.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-18 23:20:27 Scan mode . . . . . . : Quick Scan duration . . . . : 18m 29s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,289 Files scanned . . . . : 5,289 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 453.1 days (2014-09-21 19:59:36) Entropy . . . 
. . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5688 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151219_0944.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-19 08:36:04 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,074 Files scanned . . . . : 5,074 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 453.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\Windows\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1760 Fuzzy . . . . . . 
: 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\Windows\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151219_2040.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-19 20:26:09 Scan mode . . . . . . : Quick Scan duration . . . . : 14m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,121 Files scanned . . . . : 5,121 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 454.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3352 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. 
Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151220_1519.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-20 15:07:33 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,419 Files scanned . . . . : 5,419 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 454.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7248 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. 
Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151222_2050.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-22 20:36:43 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 24s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,302 Files scanned . . . . : 5,302 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 457.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4684 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20151224_1732.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2015-12-24 17:28:22 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 17s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,259 Files scanned . . . . : 5,259 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160101_1608.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-01 15:49:45 Scan mode . . . . . . : Quick Scan duration . . . . : 18m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,293 Files scanned . . . . : 5,293 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 466.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 756 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160101_1705.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-01 16:54:59 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,186 Files scanned . . . . : 5,186 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 466.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2288 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160103_1641.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-03 16:35:18 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 32s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,140 Files scanned . . . . : 5,140 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 468.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4852 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160108_2026.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-08 20:16:06 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 2s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,146 Files scanned . . . . : 5,146 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160110_2023.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-10 20:14:44 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,117 Files scanned . . . . : 5,117 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 476.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2140 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160113_2256.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-13 22:48:05 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,204 Files scanned . . . . : 5,204 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 479.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2204 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160117_1148.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . 
. . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-17 11:36:36 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,290 Files scanned . . . . : 5,290 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 482.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4228 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160117_1458.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-17 14:44:05 Scan mode . . 
. . . . : Quick Scan duration . . . . : 6m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,071 Files scanned . . . . : 5,071 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 482.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2268 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160117_2000.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-17 19:51:40 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 57s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,035 Files scanned . . . . : 5,035 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 483.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2188 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160119_1903.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-19 19:00:30 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 27s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,051 Files scanned . . . . : 5,051 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160120_2010.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . 
: Trial (Expired) Scan date . . . . . . : 2016-01-20 20:01:10 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 12s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,044 Files scanned . . . . : 5,044 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 486.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2184 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160121_1545.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-21 15:30:25 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . 
: 5,081 Files scanned . . . . : 5,081 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 486.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2328 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160123_1649.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-23 16:46:11 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,244 Files scanned . . . . : 5,244 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 488.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . 
. : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4120 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160124_1434.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-24 14:27:03 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,263 Files scanned . . . . : 5,263 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 489.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 2280 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160126_1041.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-26 10:34:10 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,135 Files scanned . . . . : 5,135 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160129_2152.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-29 21:40:52 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,179 Files scanned . . . . : 5,179 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 495.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1992 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160130_1057.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-30 10:53:45 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,145 Files scanned . . . . : 5,145 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 495.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7048 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160131_0648.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . 
: 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-01-31 03:41:41 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 13s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,050 Files scanned . . . . : 5,050 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 496.3 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2236 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160202_2133.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-02 21:19:36 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 54s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,230 Files scanned . . . . : 5,230 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 499.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160204_1349.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-04 13:45:09 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,385 Files scanned . . . . : 5,385 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 500.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160206_2100.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-06 20:50:17 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,169 Files scanned . . . . 
: 5,169 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 503.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6700 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160207_2027.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-07 20:19:31 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,058 Files scanned . . . . : 5,058 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 504.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1740 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160208_2017.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . 
. . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-08 20:09:57 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,080 Files scanned . . . . : 5,080 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 505.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160209_2057.log [code] HitmanPro 3.7.12.253 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-09 20:49:33 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 14s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,118 Files scanned . . . . : 5,118 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 506.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . 
: AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160211_2113.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-11 21:07:12 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 5s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,052 Files scanned . . . . : 5,052 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 508.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160212_0013.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-12 00:06:56 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 2s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,028 Files scanned . . . . : 5,028 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 508.2 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1696 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160212_1403.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-12 13:57:04 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,231 Files scanned . . . . : 5,231 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 508.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160213_1605.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . 
. . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-13 16:01:19 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 27s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,258 Files scanned . . . . : 5,258 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 509.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 632 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160220_2333.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-20 23:13:57 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,408 Files scanned . . . . : 5,408 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 517.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . 
: AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2576 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160221_2102.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-21 20:57:50 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,233 Files scanned . . . . : 5,233 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 518.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160223_2039.log [code] HitmanPro 3.7.12.256 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-23 20:29:26 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 12s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,243 Files scanned . . . . : 5,243 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 520.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160226_2141.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-26 21:30:08 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,302 Files scanned . . . . : 5,302 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 523.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160228_2036.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-02-28 20:11:45 Scan mode . . . . . . 
: Quick Scan duration . . . . : 2m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,348 Files scanned . . . . : 5,348 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 525.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160301_2101.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-01 20:57:30 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 57s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,332 Files scanned . . . . : 5,332 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 527.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4168 > HitmanPro . . . . : Malware Fuzzy . . . . . . 
: 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160311_2201.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-11 21:48:18 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 20s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,115 Files scanned . . . . : 5,115 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 537.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2000 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160312_2110.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-12 21:03:59 Scan mode . . . . . . : Quick (cancelled by user) Scan duration . . . . : 6m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,168 Files scanned . . . . : 5,168 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 538.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1544 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160318_2230.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-18 22:11:23 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 4s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,256 Files scanned . . . . : 5,256 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . 
: 544.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1780 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160320_1832.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-20 18:23:24 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,249 Files scanned . . . . : 5,249 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 545.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160322_2002.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-22 19:51:35 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 34s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . 
: Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,205 Files scanned . . . . : 5,205 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 548.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1844 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160323_1910.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-23 19:01:59 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,140 Files scanned . . . . : 5,140 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . 
: 3,732,480 bytes Age . . . . . . . : 549.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1236 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160324_1525.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-24 15:09:41 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,169 Files scanned . . . . : 5,169 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 549.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 1856 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160325_2233.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-25 22:27:16 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,286 Files scanned . . . . : 5,286 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160327_1617.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-27 16:09:55 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,390 Files scanned . . . . : 5,390 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 552.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1064 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160328_2243.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-28 22:36:13 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,223 Files scanned . . . . : 5,223 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . 
: 554.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1396 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160331_1950.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-31 19:41:00 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,224 Files scanned . . . . : 5,224 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160331_2120.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-03-31 20:53:23 Scan mode . . . . . . : Quick Scan duration . . . 
. : 8m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,076 Files scanned . . . . : 5,076 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 557.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1476 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160401_0031.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-01 00:21:44 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,105 Files scanned . . . . 
: 5,105 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 557.2 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1592 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160401_0719.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-01 07:14:46 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,071 Files scanned . . . . : 5,071 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 557.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6156 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160401_2032.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-01 20:25:53 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,109 Files scanned . . . . : 5,109 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 558.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 1112 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160402_2147.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-02 21:42:39 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 39s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,204 Files scanned . . . . : 5,204 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160403_1643.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-03 16:39:45 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,170 Files scanned . . . . : 5,170 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 559.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6112 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160403_2315.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-03 23:04:36 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,105 Files scanned . . . . : 5,105 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . 
: 560.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1524 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160405_2004.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-05 19:57:45 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,104 Files scanned . . . . : 5,104 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 562.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6396 Fuzzy . . . . . . 
: 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160409_2105.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-09 09:59:01 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 40s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,232 Files scanned . . . . : 5,232 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 565.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4836 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). 
Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160410_1921.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-10 19:18:35 Scan mode . . . . . . : Quick Scan duration . . . . : 2m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,226 Files scanned . . . . : 5,226 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160413_2055.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-13 20:46:38 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 10s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,244 Files scanned . . . . : 5,244 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 570.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . 
. : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6096 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160416_0825.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-16 08:01:24 Scan mode . . . . . . : Quick Scan duration . . . . : 14m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,395 Files scanned . . . . : 5,395 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 572.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7512 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160417_1600.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-17 15:52:14 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,224 Files scanned . . . . : 5,224 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160423_1836.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-23 18:24:50 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 12s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,404 Files scanned . . . . : 5,404 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 579.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7036 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160423_1907.log [code] HitmanPro 3.7.13.258 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-04-23 18:58:28 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,135 Files scanned . . . . : 5,135 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 580.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 1752 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160501_2040.log [code] HitmanPro 3.7.14.263 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-01 20:33:35 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 31s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,255 Files scanned . . . . : 5,255 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160503_2029.log [code] HitmanPro 3.7.14.263 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-03 20:03:11 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 0s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,238 Files scanned . . . . : 5,238 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 590.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6340 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160504_2251.log [code] HitmanPro 3.7.14.263 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-04 22:45:18 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 27s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,247 Files scanned . . . . : 5,247 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160511_2002.log [code] HitmanPro 3.7.14.263 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . 
. . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-11 19:48:22 Scan mode . . . . . . : Quick Scan duration . . . . : 14m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,276 Files scanned . . . . : 5,276 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 598.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 9224 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160515_1947.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-14 10:55:16 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 50s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . 
. . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 4,993 Files scanned . . . . : 4,993 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 600.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1324 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160522_2000.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-22 19:48:32 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,129 Files scanned . . . . : 5,129 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . 
: 609.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1460 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160526_2155.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-26 21:48:27 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,250 Files scanned . . . . : 5,250 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 613.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1500 Fuzzy . . . . . . 
: 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160527_2145.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-27 21:37:20 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 16s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,207 Files scanned . . . . : 5,207 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160528_2020.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-28 20:08:52 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,108 Files scanned . . . . : 5,108 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . 
: 3,732,480 bytes Age . . . . . . . : 615.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1436 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160529_2001.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-29 19:49:29 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,181 Files scanned . . . . : 5,181 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 616.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . 
: 0 Running processes : 2000 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160531_1934.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-05-31 19:09:51 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 0s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,155 Files scanned . . . . : 5,155 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 618.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1612 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160601_1412.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-01 14:08:26 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 55s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,251 Files scanned . . . . : 5,251 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 618.8 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 6764 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. 
The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160602_1944.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-02 19:34:19 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 2s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,408 Files scanned . . . . : 5,408 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 620.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1632 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160603_2025.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . 
. . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-03 18:40:27 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 29s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,227 Files scanned . . . . : 5,227 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 620.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7344 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160605_1649.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-05 16:39:49 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 15s Disk access mode . . 
: Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,262 Files scanned . . . . : 5,262 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 622.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 8080 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160606_2035.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-06 20:26:22 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 49s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,278 Files scanned . . . . : 5,278 Remnants scanned . . 
: 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160607_1954.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-07 19:48:16 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 50s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,228 Files scanned . . . . : 5,228 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160610_1952.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-10 19:46:18 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,273 Files scanned . . . . : 5,273 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160611_0854.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-11 08:18:04 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 0s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 5,189 Files scanned . . . . : 5,189 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 628.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1296 Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. This program is actively listening for inbound network connections. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160611_2328.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-11 23:22:35 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 51s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,122 Files scanned . . . . : 5,122 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160612_0922.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . 
. . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-12 09:11:54 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 14s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,175 Files scanned . . . . : 5,175 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 629.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1776 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160614_1017.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-14 10:12:45 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . 
. . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,242 Files scanned . . . . : 5,242 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160616_1409.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-16 14:01:51 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,253 Files scanned . . . . : 5,253 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160619_2030.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-19 20:21:31 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 32s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,389 Files scanned . . . . : 5,389 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 637.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 9732 Fuzzy . . . . . . 
: 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160622_2126.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-22 21:17:14 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 49s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,242 Files scanned . . . . : 5,242 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 640.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5664 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160625_2231.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-25 22:21:24 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 29s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,236 Files scanned . . . . : 5,236 Remnants scanned . . : 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 643.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 8928 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. 
Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160625_2256.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-25 22:47:03 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,126 Files scanned . . . . : 5,126 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160626_2136.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-26 21:27:01 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 22s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,211 Files scanned . . . . : 5,211 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160627_2234.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-27 22:23:51 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 3 Objects scanned . . . : 5,291 Files scanned . . . . : 5,291 Remnants scanned . . 
: 0 files / 0 keys Suspicious files ____________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 645.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1796 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160628_1910.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-06-28 19:05:24 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 25s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,130 Files scanned . . . . : 5,130 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160803_1058.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . 
: Trial (Expired) Scan date . . . . . . : 2016-08-03 10:39:34 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,163 Files scanned . . . . : 5,163 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 681.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1888 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160803_2221.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-03 20:02:44 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 43s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 4,951 Files scanned . . . . : 4,951 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 682.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . 
: AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 2032 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160804_2123.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-04 21:10:53 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 49s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,223 Files scanned . . . . : 5,223 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 683.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160805_2243.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-05 19:15:54 Scan mode . . . . . . : Quick Scan duration . . . . : 7m 25s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,149 Files scanned . . . . : 5,149 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 684.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160806_1426.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-06 14:03:06 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 43s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,008 Files scanned . . . . : 5,008 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 684.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1872 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160807_2126.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . 
: Trial (Expired) Scan date . . . . . . : 2016-08-07 21:18:06 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 1s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,177 Files scanned . . . . : 5,177 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 686.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160808_1950.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-08 19:42:10 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 21s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 4,884 Files scanned . . . . : 4,884 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 687.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7424 > HitmanPro . . . 
. : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160809_1234.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-09 12:23:34 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 12s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,153 Files scanned . . . . : 5,153 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 687.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160811_2210.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-11 22:01:47 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,276 Files scanned . . . . : 5,276 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . 
. . . . . . : 3,732,480 bytes Age . . . . . . . : 690.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1972 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160812_2355.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-12 23:42:22 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 30s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,248 Files scanned . . . . : 5,248 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 691.2 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1736 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160813_2127.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . 
: 2016-08-13 21:18:21 Scan mode . . . . . . : Quick Scan duration . . . . : 8m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,176 Files scanned . . . . : 5,176 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 692.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160814_1654.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-14 16:40:01 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,193 Files scanned . . . . : 5,193 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 692.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7072 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . 
: 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160814_1953.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-14 19:46:33 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 23s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,150 Files scanned . . . . : 5,150 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 693.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1800 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160814_2109.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-14 20:54:14 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 43s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 5 Objects scanned . . . : 4,953 Files scanned . . . . : 4,953 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 693.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1824 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Suspicious files ____________________________________________________________ C:\WINDOWS\system32\drivers\mbam.sys Size . . . . . . . : 65,408 bytes Age . . . . . . . : -0.0 days (2016-08-14 20:55:41) Entropy . . . . . : 6.3 SHA-256 . . . . . : E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E Product . . . . . : Malwarebytes Web Access Control Publisher . . . . : Malwarebytes Corporation Description . . . : Malwarebytes Web Access Control Version . . . . . : 1.0.6.0 Copyright . . . . : © Malwarebytes Corporation. All rights reserved. LanguageID . . . . : 1033 Fuzzy . . . . . . : 46.0 The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Time indicates that the file appeared recently on this computer. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is a device driver. Device drivers run as trusted (highly privileged) code. C:\WINDOWS\system32\drivers\mwac.sys Size . . . . . . . : 140,672 bytes Age . . . . . . . : -0.0 days (2016-08-14 20:55:41) Entropy . . . . . : 6.5 SHA-256 . . . . . : 67A4F1C8BA77502404629C3411BA76729435012CFA6D7794C46F31BBC118064E Product . . . . . : Malwarebytes Chameleon Publisher . . . . 
: Malwarebytes Description . . . : Malwarebytes Chameleon Protection Driver Version . . . . . : 1.1.22.0 Copyright . . . . : © Malwarebytes. All rights reserved. LanguageID . . . . : 1033 Fuzzy . . . . . . : 46.0 The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Time indicates that the file appeared recently on this computer. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is a device driver. Device drivers run as trusted (highly privileged) code. [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160814_2203.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-14 21:59:29 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 7s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,089 Files scanned . . . . : 5,089 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 693.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160815_2156.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . 
: DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-15 21:45:16 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,244 Files scanned . . . . : 5,244 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 694.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1464 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160819_0956.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-19 09:45:12 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,304 Files scanned . . . . : 5,304 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 697.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . 
. . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3148 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160831_0932.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-08-31 09:19:07 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 28s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,525 Files scanned . . . . : 5,525 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 709.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 4868 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160902_2133.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-02 21:07:13 Scan mode . . . . . . : Quick Scan duration . . . . : 3m 18s Disk access mode . . 
: Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,245 Files scanned . . . . : 5,245 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 712.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 7444 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160903_2051.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-03 20:40:57 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 28s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,112 Files scanned . . . . : 5,112 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 713.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1412 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . 
: 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160908_1956.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-08 19:50:47 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,237 Files scanned . . . . : 5,237 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 718.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160908_2224.log [code] HitmanPro 3.7.14.265 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-08 21:55:35 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,138 Files scanned . . . . : 5,138 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . 
. . . . . . : 718.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1360 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160911_2147.log [code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-11 21:43:08 Scan mode . . . . . . : Quick Scan duration . . . . : 4m 10s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,171 Files scanned . . . . : 5,171 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 721.1 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 3864 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160917_1008.log [code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . 
: 2016-09-17 09:47:09 Scan mode . . . . . . : Quick Scan duration . . . . : 14m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,301 Files scanned . . . . : 5,301 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 726.6 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 5648 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160917_2020.log [code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-17 16:48:03 Scan mode . . . . . . : Quick Scan duration . . . . : 6m 35s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 2 Objects scanned . . . : 5,094 Files scanned . . . . : 5,094 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 726.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . 
: 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160918_1222.log [code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-18 12:09:57 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 59s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 5,166 Files scanned . . . . : 5,166 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 727.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1860 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160920_2022.log [code] HitmanPro 3.7.14.276 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-20 20:12:32 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 22s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,275 Files scanned . . . . : 5,275 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 730.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 928 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 126.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Network Ports 0.0.0.0:1688 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160924_2052.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-24 20:18:01 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 20s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 4 Objects scanned . . . : 5,350 Files scanned . . . . : 5,350 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 734.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS Suspicious files ____________________________________________________________ C:\WINDOWS\SysWOW64\ihctrl32.dll Size . . . . . . . : 616,448 bytes Age . . . . . . . : 7.4 days (2016-09-17 10:49:48) Entropy . . . . . : 7.7 SHA-256 . . . . . 
: D0F8ECF369A438CA78BEA48FB5ED7232A5FAB2D9BC1B26D0503EAF0C1495D2A7 Service . . . . . : ihctrl32 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Starts automatically as a service during system bootup. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Time indicates that the file appeared recently on this computer. Startup HKLM\SYSTEM\CurrentControlSet\Services\ihctrl32\ [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160926_1416.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-26 13:59:08 Scan mode . . . . . . : Quick Scan duration . . . . : 13m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 6 Objects scanned . . . : 5,200 Files scanned . . . . : 5,200 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 735.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1640 > HitmanPro . . . 
. : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 9.1 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 Suspicious files ____________________________________________________________ C:\WINDOWS\SysWOW64\ihctrl32.dll Size . . . . . . . : 616,448 bytes Age . . . . . . . : 9.1 days (2016-09-17 10:49:48) Entropy . . . . . : 7.7 SHA-256 . . . . . : D0F8ECF369A438CA78BEA48FB5ED7232A5FAB2D9BC1B26D0503EAF0C1495D2A7 Service . . . . . : ihctrl32 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Starts automatically as a service during system bootup. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Time indicates that the file appeared recently on this computer. Startup HKLM\SYSTEM\CurrentControlSet\Services\ihctrl32\ [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160927_1814.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-27 18:02:47 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 33s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . 
: No Threats . . . . . . . : 2 Traces . . . . . . . : 3 Objects scanned . . . : 5,315 Files scanned . . . . : 5,315 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 736.9 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 10.3 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160927_2028.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-27 20:18:31 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 57s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 4 Objects scanned . . . : 5,205 Files scanned . . . . : 5,205 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 737.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . 
: C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1496 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 10.4 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160928_1324.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-28 13:14:09 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 57s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 3 Objects scanned . . . : 5,266 Files scanned . . . . : 5,266 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 737.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 11.1 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . 
: 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160929_1353.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-29 13:43:38 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 3 Objects scanned . . . : 5,123 Files scanned . . . . : 5,123 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 738.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS LanguageID . . . . : 0 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 116.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 12.1 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20160930_2108.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-09-30 20:49:43 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . 
. : 4 Objects scanned . . . : 5,164 Files scanned . . . . : 5,164 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 740.0 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1408 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 13.4 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161003_0916.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-03 09:06:13 Scan mode . . . . . . : Quick Scan duration . . . . : 9m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 6 Objects scanned . . . : 5,257 Files scanned . . . . : 5,257 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 742.5 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . 
. . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1804 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 15.9 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 Suspicious files ____________________________________________________________ C:\WINDOWS\system32\drivers\aswRvrt.sys Size . . . . . . . : 74,544 bytes Age . . . . . . . : -0.0 days (2016-10-03 09:08:10) Entropy . . . . . : 6.4 SHA-256 . . . . . : 7F67252BE1B9979507F16C8B48D6B2D103B80C4B0765ED3E495DE48E5250EF63 Product . . . . . : Avast Antivirus Publisher . . . . : AVAST Software Description . . . : avast! Revert Version . . . . . : 12.1.3076.0 Copyright . . . . : Copyright (c) 2014 AVAST Software LanguageID . . . . : 1033 Fuzzy . . . . . . : 46.0 The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Time indicates that the file appeared recently on this computer. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is a device driver. Device drivers run as trusted (highly privileged) code. C:\WINDOWS\system32\drivers\aswvmm.sys Size . . . . . . . : 292,704 bytes Age . . . . . . . : -0.0 days (2016-10-03 09:08:11) Entropy . . . . . : 5.6 SHA-256 . . . . . : 1D81CAF4EBAB4A9FE542F9C27D67617530295B889E3E2B2C72C669BA55078364 Product . . . . . : Avast Antivirus Publisher . . . . : AVAST Software Description . . . : avast! VM Monitor Version . . . . . : 12.1.3076.11 Copyright . . . . : Copyright (c) 2014 AVAST Software LanguageID . . 
. . : 1033 Fuzzy . . . . . . : 46.0 The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Time indicates that the file appeared recently on this computer. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is a device driver. Device drivers run as trusted (highly privileged) code. [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161003_1321.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-03 13:02:32 Scan mode . . . . . . : Quick Scan duration . . . . : 17m 47s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 4 Objects scanned . . . : 4,983 Files scanned . . . . : 4,983 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 742.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1400 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.1 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . 
: B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161003_1349.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-03 13:36:45 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 4 Objects scanned . . . : 5,052 Files scanned . . . . : 5,052 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\Windows\AutoKMS\AutoKMS.exe Size . . . . . . . : 3,732,480 bytes Age . . . . . . . : 742.7 days (2014-09-21 19:59:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 1E2729D3B18F8C9D444FA1FEF40C9FA5C3D997450D7F1A91A79E2F012BE27344 Needs elevation . : Yes Product . . . . . : AutoKMS Parent Name . . . : C:\WINDOWS\system32\svchost.exe LanguageID . . . . : 0 Running processes : 1400 > HitmanPro . . . . : App/Generic-DJ Fuzzy . . . . . . : 122.0 Startup C:\WINDOWS\system32\Tasks\AutoKMS C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.1 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161003_1506.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . 
: 2016-10-03 14:39:31 Scan mode . . . . . . : Quick Scan duration . . . . : 11m 8s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,010 Files scanned . . . . : 5,010 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.2 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161003_2055.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-03 19:57:44 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 14s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,187 Files scanned . . . . : 5,187 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.4 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161004_0701.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . 
: Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-04 06:48:35 Scan mode . . . . . . : Quick Scan duration . . . . : 12m 27s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,091 Files scanned . . . . : 5,091 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.8 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161004_1039.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-04 09:34:47 Scan mode . . . . . . : Normal Scan duration . . . . : 17m 40s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 112 Objects scanned . . . : 1,899,024 Files scanned . . . . : 59,329 Remnants scanned . . : 442,888 files / 1,396,807 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 16.9 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 Suspicious files ____________________________________________________________ C:\Users\USER\Desktop\FRST64.exe Size . . . . . . . 
: 2,404,864 bytes Age . . . . . . . : 0.9 days (2016-10-03 11:56:04) Entropy . . . . . : 7.6 SHA-256 . . . . . : 10CF66214D360DEF389C3643EEB88335164DF827A5EEB4EA24D3CBCB6B01AC9B Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\USER\Downloads\FRST64.exe Size . . . . . . . : 2,404,864 bytes Age . . . . . . . : 0.9 days (2016-10-03 11:49:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : 10CF66214D360DEF389C3643EEB88335164DF827A5EEB4EA24D3CBCB6B01AC9B Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
Cookies _____________________________________________________________________ [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161004_1527.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-04 14:58:24 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 15s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,079 Files scanned . . . . : 5,079 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . 
: 17.2 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161004_2053.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-04 16:27:36 Scan mode . . . . . . : Quick Scan duration . . . . : 5m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,159 Files scanned . . . . : 5,159 Remnants scanned . . : 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 17.2 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161005_0650.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-05 06:35:12 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 3s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 1 Objects scanned . . . : 5,105 Files scanned . . . . : 5,105 Remnants scanned . . 
: 0 files / 0 keys Malware _____________________________________________________________________ C:\WINDOWS\SysWOW64\fdclient.dll Size . . . . . . . : 125,440 bytes Age . . . . . . . : 17.8 days (2016-09-17 10:49:48) Entropy . . . . . : 6.8 SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1 > Bitdefender . . . : Gen:Variant.Symmi.67693 Fuzzy . . . . . . : 109.0 [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161006_0644.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-06 06:34:24 Scan mode . . . . . . : Quick Scan duration . . . . : 10m 9s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 0 Objects scanned . . . : 5,178 Files scanned . . . . : 5,178 Remnants scanned . . : 0 files / 0 keys [/code] C:\ProgramData\HitmanPro\Logs\HitmanPro_20161006_0731.log [code] HitmanPro 3.7.14.280 www.hitmanpro.com Computer name . . . . : DELL Windows . . . . . . . : 10.0.0.10586.X64/4 User name . . . . . . : DELL\USER UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (Expired) Scan date . . . . . . : 2016-10-06 06:50:15 Scan mode . . . . . . : Normal Scan duration . . . . : 23m 46s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 1,959,386 Files scanned . . . . : 58,368 Remnants scanned . . : 436,776 files / 1,464,242 keys Suspicious files ____________________________________________________________ C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\IO844Z9H\FRST64[1].exe Size . . . . . . . : 2,405,376 bytes Age . . . . . . . : 1.0 days (2016-10-05 07:37:08) Entropy . . . . . 
: 7.6
      SHA-256 . . . . . : 74A30ABB1EDB9EF68C38FD39E5DE9707B2B52BDC0B614B3F9AFC2602D3A718E5
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.4s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCookies\8JGSDNE5.txt
         -0.4s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\3KUCK2QI\82[1].htm
         -0.3s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\H28ISOKE\FRST64[1].exe
          0.0s C:\Users\USER\Desktop\FRST64.exe
          0.0s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\IO844Z9H\FRST64[1].exe

   C:\Users\USER\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,404,864 bytes
      Age . . . . . . . : 2.8 days (2016-10-03 11:56:04)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 619A0964AE0899EBD470560C8B93914D73C2B183A75BD83686417A4ECB4A2655
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\USER\Desktop\FRST64.exe
      Size . . . . . . . : 2,405,376 bytes
      Age . . . . . . . : 1.0 days (2016-10-05 07:37:08)
      Entropy . . . . . : 7.6
      SHA-256 . . . . .
: 74A30ABB1EDB9EF68C38FD39E5DE9707B2B52BDC0B614B3F9AFC2602D3A718E5
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.4s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCookies\8JGSDNE5.txt
         -0.4s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\3KUCK2QI\82[1].htm
         -0.3s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\H28ISOKE\FRST64[1].exe
          0.0s C:\Users\USER\Desktop\FRST64.exe
          0.0s C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE\IO844Z9H\FRST64[1].exe

   C:\Users\USER\Downloads\FRST64.exe
      Size . . . . . . . : 2,404,864 bytes
      Age . . . . . . . : 2.8 days (2016-10-03 11:49:17)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 10CF66214D360DEF389C3643EEB88335164DF827A5EEB4EA24D3CBCB6B01AC9B
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161007_0707.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . .
: Trial (Expired)

   Scan date . . . . . . : 2016-10-07 06:59:46
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 7m 55s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 0

   Objects scanned . . . : 5,243
   Files scanned . . . . : 5,243
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161010_1952.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-10 19:35:13
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 17m 7s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 0

   Objects scanned . . . : 5,299
   Files scanned . . . . : 5,299
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161011_1632.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-11 16:19:06
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 13m 4s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 0

   Objects scanned . . . : 5,352
   Files scanned . . . . : 5,352
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161013_1406.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . .
: 2016-10-13 13:48:28
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 17m 32s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 0

   Objects scanned . . . : 5,495
   Files scanned . . . . : 5,495
   Remnants scanned . . : 0 files / 0 keys
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161014_2204.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-14 21:44:12
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 19m 12s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 2

   Objects scanned . . . : 5,417
   Files scanned . . . . : 5,417
   Remnants scanned . . : 0 files / 0 keys

Malware _____________________________________________________________________

   C:\WINDOWS\SysWoW64\fdclient.dll
      Size . . . . . . . : 125,440 bytes
      Age . . . . . . . : 0.0 days (2016-10-14 21:35:16)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1
    > Bitdefender . . . : Gen:Variant.Symmi.67693
      Fuzzy . . . . . . : 110.0

Suspicious files ____________________________________________________________

   C:\WINDOWS\system32\drivers\aswVmm.sys
      Size . . . . . . . : 292,704 bytes
      Age . . . . . . . : 735.1 days (2014-10-10 19:02:59)
      Entropy . . . . . : 5.6
      SHA-256 . . . . . : 474B10F03F991FEFC5FDE512F1EA73FE903D2F145393F1EB3E2D5CC9E44E6F3E
      Product . . . . . : Avast Antivirus
      Publisher . . . . : AVAST Software
      Description . . . : avast! VM Monitor
      Version . . . . . : 12.3.3154.0
      Copyright . . . . : Copyright (c) 2014 AVAST Software
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 42.0
         The file is hidden from Windows API.
This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161016_2134.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-16 21:18:05
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 13m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 1

   Objects scanned . . . : 5,317
   Files scanned . . . . : 5,317
   Remnants scanned . . : 0 files / 0 keys

Malware _____________________________________________________________________

   C:\WINDOWS\SysWoW64\fdclient.dll
      Size . . . . . . . : 125,440 bytes
      Age . . . . . . . : 2.0 days (2016-10-14 21:35:16)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1
    > Bitdefender . . . : Gen:Variant.Symmi.67693
      Fuzzy . . . . . . : 110.0
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161017_2122.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-17 21:06:36
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 15m 46s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . .
: 1

   Objects scanned . . . : 5,286
   Files scanned . . . . : 5,286
   Remnants scanned . . : 0 files / 0 keys

Malware _____________________________________________________________________

   C:\WINDOWS\SysWoW64\fdclient.dll
      Size . . . . . . . : 125,440 bytes
      Age . . . . . . . : 3.0 days (2016-10-14 21:35:16)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1
    > Bitdefender . . . : Gen:Variant.Symmi.67693
      Fuzzy . . . . . . : 110.0
[/code]

C:\ProgramData\HitmanPro\Logs\HitmanPro_20161018_1908.log
[code]
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DELL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DELL\USER
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-10-18 18:39:03
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 14m 14s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 1

   Objects scanned . . . : 5,335
   Files scanned . . . . : 5,335
   Remnants scanned . . : 0 files / 0 keys

Malware _____________________________________________________________________

   C:\WINDOWS\SysWoW64\fdclient.dll
      Size . . . . . . . : 125,440 bytes
      Age . . . . . . . : 3.9 days (2016-10-14 21:35:16)
      Entropy . . . . . : 6.8
      SHA-256 . . . . . : B0FC62EBAB68ABB99E795D983FD898CE63B3FC5B8F43E214A3CB859E6A566EC1
    > Bitdefender . . . : Gen:Variant.Symmi.67693
      Fuzzy . . . . . . : 110.0
[/code]

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{77EA45D4-CD13-4FC8-AB5E-1EE866403539} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24435550 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 84327140 B
Edge => 0 B
Chrome => 294469226 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4050 B
NetworkService => 0 B
USER => 53661420 B

RecycleBin => 0 B
EmptyTemp: => 435.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:11:41 ====