[code]
   HitmanPro 3.7.20.286
   www.hitmanpro.com

   Computer name . . . . : HARING-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Haring-PC\Haring
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (348 days left)

   Scan date . . . . . . : 2017-09-09 20:55:50
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 47s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 88

   Objects scanned . . . : 1.366.330
   Files scanned . . . . : 31.448
   Remnants scanned . . : 243.164 files / 1.091.718 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8007884C80
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880048892F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920

   Solution
      DriverObject . . . : FFFFFA8007884C80
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880010016C0 \SystemRoot\system32\DRIVERS\storport.sys+5824

Suspicious files ____________________________________________________________

   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys
      Size . . . . . . . : 44.928 bytes
      Age . . . . . . . : 0.4 days (2017-09-09 11:06:56)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC
      Product . . . . . : Microsoft Malware Protection
      Publisher . . . . : Microsoft Corporation
      Description . . . : KSLDriver
      Version . . . . . : 1.2.1003.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      Service . . . . . : MpKsldcc254ef
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 47.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\MpKsldcc254ef\
      Forensic Cluster
         -13.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpasdlta.vdm
         -13.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpavdlta.vdm
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpengine.dll
          -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.20
          -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.55
          -8.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.67
          -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.79
          -5.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7C
          -5.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7E
          -5.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.80
          -4.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.87
          -4.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.A0
          -4.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.83
          -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.CE
          -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.5B
          -4.2s C:\Windows\Prefetch\AM_DELTA_PATCH_1.251.663.0.EX-63244148.pf
           0.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys

Cookies _____________________________________________________________________

   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:254a.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:acuityplatform.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ad.360yield.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adaptv.advertising.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adbrn.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:addthis.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adfarm1.adition.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adform.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adgrx.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adhigh.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adingo.jp
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adnxs.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ads.linkedin.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adscale.de
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adscience.nl
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adserving.ancoraplatform.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adsrvr.org
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adsymptotic.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adtech.de
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:advertising.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:adx.adform.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:agkn.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:angsrvr.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:atdmt.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:basebanner.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:bidr.io
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:bidswitch.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:casalemedia.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:connexity.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:contextweb.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ctnsnet.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:de17a.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:demdex.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:dlx.addthis.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:dotomi.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:doubleclick.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:dpm.demdex.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:erne.co
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:everesttech.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:eyereturn.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:flashtalking.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:go.sonobi.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:gwallet.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ibillboard.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ih.adscale.de
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ipredictive.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:krxd.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:legolas-media.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:m6r.eu
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:match.adsby.bidtheatre.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:mathtag.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:ml314.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:mookie1.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:mxptint.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:openx.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:optimatic.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:outbrain.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:owneriq.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:pixel.rubiconproject.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:pool.admedo.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:postrelease.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:pubmatic.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:revsci.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:rfihub.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:rlcdn.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:rubiconproject.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:scorecardresearch.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:simpli.fi
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:sitescout.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:skimresources.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:smartadserver.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:switchadhub.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:sxp.smartclip.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:sync.go.sonobi.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:taboola.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:tap2-cdn.rubiconproject.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:tapad.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:tidaltv.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:track.adform.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:trc.taboola.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:tremorhub.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:tribalfusion.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:turn.com
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:w55c.net
   C:\Users\Haring\AppData\Roaming\Mozilla\Firefox\Profiles\2lxkhezm.default-1492765213492\cookies.sqlite:yieldlab.net
[/code]