TechSpot

HSMGR C:/windows/syswow64/exmgr.exe

By konc3pt
Nov 30, 2013
  1. Malwarebytes and Trend Micro Titanium Maximum Security 2014 don't detect it as a threat, but my Google search of the file says it's a harmful file. This is a new install on an SSD about a week old. I only use the SSD to run gaming (TS3, Steam and Origin). I run Malwarebytes on this drive but not the Trend Micro. Anything else I do other than game and basic internet searches, I use my HDD.

    How can I remove this file?

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.26.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Jam Master Jay :: SSD [administrator]

    Protection: Enabled

    11/30/2013 1:49:20 PM
    mbam-log-2013-11-30 (13-49-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206597
    Time elapsed: 1 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428
    Run by Jam Master Jay at 13:45:50 on 2013-11-30
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16328.14265 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\msconfig.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{078DDAA6-BC88-44B2-A58F-6EEFBB3B0B66} : DHCPNameServer = 192.168.1.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [Cm6620Sound] C:\Program Files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe /h /d
    x64-Run: [EX_Hook] C:\Windows\syswow64\ExMgr.exe Envoke
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-26 82560]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-26 42624]
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-11-25 171688]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-26 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-11-25 46136]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-26 56448]
    R3 USBUAA;USB Audio Class 2.0 Device Driver;C:\Windows\System32\drivers\USBUAA.SYS [2011-9-6 140544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 ATLOISAService;ATLOISAService;C:\Windows\SysWOW64\ATLOISAService.exe [2013-11-27 512000]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-26 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-25 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-25 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-25 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-26 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-11-29 21:14:45 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE212D5A-688C-4397-AD71-C6884B0B6EBE}\mpengine.dll
    2013-11-27 20:14:01 -------- d-----w- C:\ProgramData\FaceLift
    2013-11-27 20:13:51 97280 ------w- C:\Windows\SysWow64\atl80.dll
    2013-11-27 20:13:51 86016 ------w- C:\Windows\SysWow64\ExSrv2.dll
    2013-11-27 20:13:51 86016 ------w- C:\Windows\SysWow64\ExSrv.dll
    2013-11-27 20:13:51 751104 ------w- C:\Windows\SysWow64\CMAPOMain.dll
    2013-11-27 20:13:51 722432 ------w- C:\Windows\SysWow64\CMXearSingFX.dll
    2013-11-27 20:13:51 691712 ------w- C:\Windows\SysWow64\CMXearLiving10.dll
    2013-11-27 20:13:51 632656 ------w- C:\Windows\SysWow64\msvcr80.dll
    2013-11-27 20:13:51 512000 ------w- C:\Windows\SysWow64\ATLOISAService.exe
    2013-11-27 20:13:51 204800 ------w- C:\Windows\SysWow64\ExMgr.exe
    2013-11-27 20:13:51 1942528 ------w- C:\Windows\SysWow64\CMXearSurr.dll
    2013-11-27 20:13:50 804352 ------w- C:\Windows\System32\Cmeau6620.exe
    2013-11-27 20:13:50 -------- d-----w- C:\Program Files\ROG Thunderbolt Audio
    2013-11-27 16:43:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2013-11-27 16:33:53 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2013-11-27 16:33:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2013-11-27 16:33:53 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2013-11-27 16:33:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2013-11-27 16:33:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2013-11-27 16:33:53 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2013-11-27 16:33:53 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2013-11-27 16:33:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2013-11-27 16:33:52 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2013-11-27 06:36:51 -------- d-----w- C:\Program Files (x86)\Realtek
    2013-11-27 03:14:03 -------- d-----w- C:\Program Files\Realtek
    2013-11-27 03:13:28 1698408 ----a-w- C:\Windows\RtlExUpd.dll
    2013-11-27 03:13:28 -------- d--h--w- C:\Program Files (x86)\Temp
    2013-11-26 20:20:26 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\PunkBuster
    2013-11-26 20:13:29 -------- d-----w- C:\Windows\Migration
    2013-11-26 18:25:09 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\TS3Client
    2013-11-26 15:31:43 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\ESN
    2013-11-26 09:57:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2013-11-26 09:57:11 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
    2013-11-26 07:39:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-26 07:39:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 07:39:44 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-26 07:39:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-26 07:39:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-26 07:39:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-26 07:39:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-26 07:12:09 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Programs
    2013-11-26 06:59:36 -------- d-----w- C:\CIMTEMP
    2013-11-26 06:54:27 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2013-11-26 06:52:07 -------- d-----w- C:\GvTemp
    2013-11-26 06:47:30 -------- d-----w- C:\Program Files (x86)\Common Files\ASUS MultiFrame
    2013-11-26 06:47:30 -------- d-----w- C:\Program Files (x86)\ASUS
    2013-11-26 06:44:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-11-26 06:40:23 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
    2013-11-26 06:40:20 82560 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
    2013-11-26 06:40:20 42624 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
    2013-11-26 06:40:03 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2013-11-26 06:39:51 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
    2013-11-26 06:20:47 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\AMD
    2013-11-26 06:20:37 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\ATI
    2013-11-26 06:19:55 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-11-26 04:32:16 -------- d-----w- C:\Windows\Panther
    2013-11-26 02:59:03 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\Malwarebytes
    2013-11-26 02:59:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-11-26 02:58:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2013-11-26 02:58:58 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-11-26 02:58:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-11-26 02:58:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-11-26 02:42:23 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\TeamSpeak 3 Client
    2013-11-26 02:36:19 -------- d-----w- C:\Program Files\AMD
    2013-11-26 02:36:19 -------- d-----w- C:\Program Files (x86)\AMD
    2013-11-26 02:36:18 -------- d-----w- C:\Program Files (x86)\AMD APP
    2013-11-26 02:36:17 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2013-11-26 02:36:17 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2013-11-26 02:36:04 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2013-11-26 02:36:04 -------- d-----w- C:\ProgramData\AMD
    2013-11-26 02:35:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2013-11-26 02:35:46 -------- d-----w- C:\Program Files\ATI Technologies
    2013-11-26 02:35:44 -------- d-----w- C:\Program Files\ATI
    2013-11-26 02:35:00 -------- d-----w- C:\AMD
    2013-11-26 02:33:05 -------- d-----w- C:\Program Files (x86)\Origin Games
    2013-11-26 02:28:51 -------- d-----w- C:\Program Files (x86)\GIGABYTE
    2013-11-26 02:28:12 -------- d-----w- C:\NVIDIA
    2013-11-26 02:24:56 -------- d-----w- C:\Program Files\Epicgear
    2013-11-26 02:24:23 -------- d-----w- C:\Program Files (x86)\Epicgear
    2013-11-26 02:16:25 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-11-26 02:16:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-11-26 02:16:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-11-26 02:16:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-11-26 02:16:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-11-26 02:16:25 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-11-26 02:16:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-11-26 02:13:49 -------- d-----w- C:\Windows\System32\MRT
    2013-11-26 02:09:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-11-26 02:09:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2013-11-26 02:09:39 5120 ----a-w- C:\Windows\System32\wmi.dll
    2013-11-26 02:09:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2013-11-26 02:09:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-11-26 02:04:56 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2013-11-26 02:03:55 77312 ----a-w- C:\Windows\System32\packager.dll
    2013-11-26 02:03:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2013-11-26 02:01:16 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\Origin
    2013-11-26 02:01:15 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Origin
    2013-11-26 02:00:32 -------- d-----w- C:\ProgramData\Origin
    2013-11-26 02:00:32 -------- d-----w- C:\ProgramData\Electronic Arts
    2013-11-26 02:00:21 -------- d-----w- C:\Program Files (x86)\Origin
    2013-11-26 01:59:31 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2013-11-26 01:59:30 -------- d-----w- C:\Program Files (x86)\Steam
    2013-11-26 01:54:27 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-11-26 01:53:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2013-11-26 01:53:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2013-11-26 01:53:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2013-11-26 01:52:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2013-11-26 01:52:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2013-11-26 01:52:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2013-11-26 01:52:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-11-26 01:51:33 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Google
    2013-11-26 01:49:52 171688 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
    2013-11-26 01:49:46 322760 ----a-r- C:\Windows\System32\PROUnstl.exe
    2013-11-26 01:49:15 68264 ----a-w- C:\Windows\System32\e1qmsg.dll
    2013-11-26 01:49:15 36472 ----a-w- C:\Windows\System32\NicCo36.dll
    2013-11-26 01:49:15 336048 ----a-w- C:\Windows\System32\drivers\e1q62x64.sys
    2013-11-26 01:49:13 98496 ----a-w- C:\Windows\System32\NicInstQ.dll
    2013-11-26 01:46:36 1860096 ----a-w- C:\Windows\System32\CMediaEffectAPO.dll
    2013-11-26 01:46:35 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
    2013-11-26 01:46:35 178176 ----a-w- C:\Windows\System32\CMediaEffectPropPageExt.dll
    2013-11-26 01:46:20 -------- d-sh--w- C:\Windows\Installer
    .
    ==================== Find3M ====================
    .
    2013-11-30 06:33:08 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-11-30 05:11:03 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-11-27 06:38:02 62464 ----a-w- C:\Windows\System32\CMEffectGFX.dll
    2013-11-27 06:38:02 59392 ----a-w- C:\Windows\System32\CMEffectLFX.dll
    2013-11-27 06:38:02 56832 ----a-w- C:\Windows\System32\CMMicEffectLFX.dll
    2013-11-27 06:38:02 191488 ----a-w- C:\Windows\System32\CMEffectPropPage.dll
    2013-11-27 06:38:02 140544 ----a-w- C:\Windows\System32\drivers\USBUAA.SYS
    2013-11-26 09:56:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    2013-09-12 02:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
    2013-09-12 02:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
    2013-09-12 02:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
    2013-09-12 02:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2013-09-12 00:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
    2013-09-12 00:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
    2013-09-12 00:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
    2013-09-12 00:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    .
    ============= FINISH: 13:46:02.42 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/25/2013 8:41:18 PM
    System Uptime: 11/30/2013 1:26:08 PM (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | Crosshair V Formula
    Processor: AMD FX(tm)-8150 Eight-Core Processor | AM3r2 | 3792/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 238 GiB total, 119.277 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 681.169 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 465.658 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 1397 GiB total, 1143.12 GiB free.
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: 690LC
    Device ID: USB\VID_2433&PID_B111\CCV_1.0
    Manufacturer:
    Name: 690LC
    PNP Device ID: USB\VID_2433&PID_B111\CCV_1.0
    Service:
    .
    Class GUID:
    Description: PowerPC Processor
    Device ID: PCI\VEN_1957&DEV_C006&SUBSYS_12011A56&REV_10\4&23984C36&0&0058
    Manufacturer:
    Name: PowerPC Processor
    PNP Device ID: PCI\VEN_1957&DEV_C006&SUBSYS_12011A56&REV_10\4&23984C36&0&0058
    Service:
    .
    Class GUID:
    Description: Neat Mobile Scanner
    Device ID: USB\VID_1F44&PID_0001\CN12B9100748
    Manufacturer:
    Name: Neat Mobile Scanner
    PNP Device ID: USB\VID_1F44&PID_0001\CN12B9100748
    Service:
    .
    ==== System Restore Points ===================
    .
    RP128: 11/13/2013 9:11:31 PM - Windows Update
    RP129: 11/17/2013 12:18:18 AM - Installed DirectX
    RP130: 11/22/2013 3:34:06 PM - Configured GIGABYTE OC_GURU II
    RP131: 11/22/2013 3:35:29 PM - Installed GIGABYTE OC_GURU II
    RP132: 11/22/2013 10:00:02 PM - Installed ASUS MultiFrame
    RP13: 11/26/2013 4:55:35 AM - Installed DirectX
    RP14: 11/26/2013 4:56:10 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    RP15: 11/26/2013 4:56:18 AM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    RP16: 11/26/2013 11:08:52 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    RP17: 11/26/2013 11:09:09 AM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    RP18: 11/26/2013 11:09:23 AM - Installed DirectX
    RP19: 11/26/2013 11:10:18 AM - Windows Update
    RP20: 11/26/2013 11:14:48 AM - Windows Update
    RP21: 11/26/2013 3:12:37 PM - Windows Update
    RP22: 11/26/2013 10:13:39 PM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
    RP23: 11/27/2013 1:40:00 AM - Removed ROG Thunderbolt Audio
    RP24: 11/27/2013 11:42:54 AM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
    RP25: 11/27/2013 3:14:04 PM - Installed ROG Thunderbolt Audio
    RP26: 11/29/2013 4:14:29 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Asmedia ASM106x SATA Host Controller Driver
    ASUS MultiFrame
    Battlefield 4™
    Battlelog Web Plugins
    Call of Duty: Black Ops II - Multiplayer
    Call of Duty: Black Ops II - Zombies
    Call of Duty: Ghosts - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    EpicGear Meduza HDST Mouse
    ESN Sonar
    GIGABYTE OC_GURU II
    Google Chrome
    Google Update Helper
    Intel(R) Network Connections 16.4.68.0
    Malwarebytes Anti-Malware version 1.75.0.1300
    Meduza HDST Mouse
    Microsoft .NET Framework 4.5.1
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Origin
    PunkBuster Services
    Realtek High Definition Audio Driver
    ROG Thunderbolt Audio
    Steam
    TeamSpeak 3 Client
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/30/2013 12:23:34 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2013 7:08:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    11/26/2013 3:11:48 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
    11/26/2013 3:00:34 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    11/26/2013 2:31:17 AM, Error: Ntfs [137] - The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.
    11/26/2013 1:44:16 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.
    11/26/2013 1:43:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    11/26/2013 1:41:05 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
    11/26/2013 1:23:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
    11/26/2013 1:20:33 AM, Error: Service Control Manager [7023] -
    11/25/2013 9:33:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/25/2013 9:33:03 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/25/2013 9:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
    .
    ==== End Of File ===========================
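Added triage example (not part of konc3pt's post and not DDS or Malwarebytes code): the DDS log above already carries enough to place ExMgr.exe before anything is deleted. The "Created Last 30" timestamps line up with the restore points only when read as UTC (the header says the machine runs at GMT -5:00), and in that reading ExMgr.exe was written at 20:13:51 in the same second as ATLOISAService.exe, ExSrv.dll and the CMXear* DLLs, one second after the "ROG Thunderbolt Audio" directory and Cmeau6620.exe, and thirteen seconds before the RP25 "Installed ROG Thunderbolt Audio" restore point (3:14:04 PM local). The script parses a constructed subset of those log lines (columns re-spaced, not every entry reproduced), pulls the image path out of the x64-Run EX_Hook entry and does the timezone arithmetic; the two-second grouping window is an assumption. Co-installation says where the file came from, not that it is safe: a Run value that starts a SysWOW64 binary with an argument like "Envoke" still deserves the hash check Broni asks for in the next post.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: entries copied from the DDS log above (its tab-separated
# columns are date, time, size, attributes, path; directories show "--------"
# in the size column). Not every line of the log is reproduced here.
CREATED_LAST_30 = r"""
2013-11-29 21:14:45 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE212D5A-688C-4397-AD71-C6884B0B6EBE}\mpengine.dll
2013-11-27 20:14:01 -------- d-----w- C:\ProgramData\FaceLift
2013-11-27 20:13:51 97280 ------w- C:\Windows\SysWow64\atl80.dll
2013-11-27 20:13:51 86016 ------w- C:\Windows\SysWow64\ExSrv.dll
2013-11-27 20:13:51 512000 ------w- C:\Windows\SysWow64\ATLOISAService.exe
2013-11-27 20:13:51 204800 ------w- C:\Windows\SysWow64\ExMgr.exe
2013-11-27 20:13:51 1942528 ------w- C:\Windows\SysWow64\CMXearSurr.dll
2013-11-27 20:13:50 804352 ------w- C:\Windows\System32\Cmeau6620.exe
2013-11-27 20:13:50 -------- d-----w- C:\Program Files\ROG Thunderbolt Audio
2013-11-27 16:43:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
"""
RUN_KEY_LINE = r"x64-Run: [EX_Hook] C:\Windows\syswow64\ExMgr.exe Envoke"
RESTORE_POINT_LINE = "RP25: 11/27/2013 3:14:04 PM - Installed ROG Thunderbolt Audio"
GMT_OFFSET_HOURS = -5  # DDS header: "[GMT -5:00]"; restore points are local time

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
RUN_RE = re.compile(r"^(?:x64-)?[mu]?Run: \[([^\]]+)\] (.+)$")
RP_RE = re.compile(r"^RP\d+: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) - (.+)$")


def parse_created(text):
    """Parse DDS 'Created Last 30' lines. The timestamps line up with the
    restore points only when read as UTC, so they are tagged UTC here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised DDS entry: {line!r}")
        date, clock, size, attrs, path = m.groups()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        entries.append({"ts": ts, "size": None if size.startswith("-") else int(size),
                        "is_dir": attrs.startswith("d"), "attrs": attrs, "path": path})
    return entries


def _find(entries, path):
    # NTFS paths are case-insensitive; the Run key says "syswow64", the file list "SysWow64".
    target = path.lower()
    for e in entries:
        if e["path"].lower() == target:
            return e
    raise KeyError(path)


def dropped_with(entries, suspect_path, window_seconds=2):
    """Paths created within window_seconds of the suspect file: one installer
    writing a package lands its files in the same second or two."""
    hit = _find(entries, suspect_path)
    window = timedelta(seconds=window_seconds)
    return sorted(e["path"] for e in entries if e is not hit and abs(e["ts"] - hit["ts"]) <= window)


def parse_run_entry(line):
    """Split a DDS Run/x64-Run line into (value name, image path, arguments)."""
    m = RUN_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Run entry: {line!r}")
    name, cmd = m.group(1), m.group(2).strip()
    if cmd.startswith('"'):                       # quoted image path
        end = cmd.index('"', 1)
        return name, cmd[1:end], cmd[end + 1:].strip()
    m2 = re.match(r"(?i)^(.*?\.exe)(?:\s+(.*))?$", cmd)  # unquoted: image ends at first .exe
    if not m2:
        raise ValueError(f"cannot split image from arguments: {cmd!r}")
    return name, m2.group(1), m2.group(2) or ""


def restore_point_utc(line, gmt_offset_hours):
    """Convert a DDS restore-point line (local time) to an aware UTC datetime."""
    m = RP_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a restore point: {line!r}")
    local = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    local = local.replace(tzinfo=timezone(timedelta(hours=gmt_offset_hours)))
    return local.astimezone(timezone.utc), m.group(2)


def seconds_after_drop(entries, path, when_utc):
    """Seconds between the creation of path and when_utc (negative: before)."""
    return (when_utc - _find(entries, path)["ts"]).total_seconds()


if __name__ == "__main__":
    entries = parse_created(CREATED_LAST_30)
    name, image, args = parse_run_entry(RUN_KEY_LINE)
    print(f"Run value {name!r} starts {image} with arguments {args!r}")
    for p in dropped_with(entries, image):
        print("  created alongside:", p)
    rp_utc, desc = restore_point_utc(RESTORE_POINT_LINE, GMT_OFFSET_HOURS)
    print(f"{desc!r} restore point at {rp_utc:%H:%M:%S} UTC, "
          f"{seconds_after_drop(entries, image, rp_utc):.0f} s after the file was written")
```

Paths are compared case-insensitively on purpose: the Run value spells the directory "syswow64" while the file list spells it "SysWow64", and an exact string match would miss the file.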
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Open Windows Explorer. Go to Tools > Folder Options > View tab (Windows 8 users: open File Manager, go to View > Options > Change folder and search options > View tab), put a checkmark next to Show hidden files, and folders, and UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\Windows\syswow64\ExMgr.exe
    IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post scan results.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
    Code:
    :file
    C:\Windows\syswow64\ExMgr.exe
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  3. konc3pt

    konc3pt TS Rookie Topic Starter

    ==============

    SHA256: 5a3070b6642e4779e97f42c3b65ad573fd3d373cbcc3fd7ea1819af4d9630cac
    File name: ExMgr.exe
    Detection ratio: 0 / 48
    Analysis date: 2013-11-30 22:52:49 UTC ( 0 minutes ago )

    Probably harmless! There are strong indicators suggesting that this file is safe to use.


    PE signature block

    Copyright Copyright (C) 2007
    Product HsMgr
    Original name HsMgr.EXE
    Internal name HookSupport Manager
    File version 1, 0, 0, 2
    Description HsMgr Application

    ExifTool file metadata

    SubsystemVersion 4.0
    LinkerVersion 8.0
    ImageVersion 0.0
    FileSubtype 0
    FileVersionNumber 1.0.0.2
    UninitializedDataSize 0
    LanguageCode English (U.S.)
    FileFlagsMask 0x003f
    CharacterSet Unicode
    InitializedDataSize 65536
    OriginalFilename HsMgr.EXE
    MIMEType application/octet-stream
    LegalCopyright Copyright (C) 2007
    FileVersion 1, 0, 0, 2
    TimeStamp 2011:02:25 10:05:07+01:00
    FileType Win32 EXE
    PEType PE32
    InternalName HookSupport Manager
    ProductVersion 1, 0, 0, 2
    FileDescription HsMgr Application
    OSVersion 4.0
    FileOS Win32
    Subsystem Windows GUI
    MachineType Intel 386 or later, and compatibles
    CodeSize 135168
    ProductName HsMgr
    ProductVersionNumber 1.0.0.2
    EntryPoint 0x10299
    ObjectFileType Executable application


    MD5 215f76642fc1c3988ebc29a1dcef917f
    SHA1 872fb7e2cfc74eec237c8e141ab35d96d87e06c2
    SHA256 5a3070b6642e4779e97f42c3b65ad573fd3d373cbcc3fd7ea1819af4d9630cac
    ssdeep 3072:n4pbd1cxM51BcyGTEpjCFJ15xox3sO47s6rPaptt7CT6g:4lPcxM5AyGopS3xoxZ47s6E7Q
    File size 200.0 KB ( 204800 bytes )
    File type Win32 EXE
    Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    TrID Win32 Executable MS Visual C++ (generic) (67.3%)
    Win32 Dynamic Link Library (generic) (14.2%)
    Win32 Executable (generic) (9.7%)
    Generic Win/DOS Executable (4.3%)
    DOS Executable Generic (4.3%)
    VirusTotal metadata

    First submission 2011-10-08 04:19:16 UTC ( 2 years, 1 month ago )
    Last submission 2013-11-30 22:52:49 UTC ( 5 minutes ago )
    File names
    HookSupport Manager
    file-3277128_exe
    DPVPIMXDEV-680.pms.exe.SVD
    ExMgr.exe
    HsMgr.EXE
    57AC512D00F8632F20D4035E931B4B00CAC7F774.exe




    ======================================================


    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:00 on 30/11/2013 by Jam Master Jay
    Administrator - Elevation successful

    ========== file ==========

    C:\Windows\syswow64\ExMgr.exe - File found and opened.
    MD5: 215F76642FC1C3988EBC29A1DCEF917F
    Created at 20:13 on 27/11/2013
    Modified at 06:38 on 27/11/2013
    Size: 204800 bytes
    Attributes: -------
    FileDescription: HsMgr Application
    FileVersion: 1, 0, 0, 2
    ProductVersion: 1, 0, 0, 2
    OriginalFilename: HsMgr.EXE
    InternalName: HookSupport Manager
    ProductName: HsMgr
    LegalCopyright: Copyright (C) 2007

    -= EOF =-
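    What Broni asked for above (upload the file to VirusTotal, then run SystemLook on the same path) and what konc3pt posted back amount to hashing the file and reading its PE header and version metadata. The following Python script is an added example, not part of this thread and not code from VirusTotal, SystemLook or Malwarebytes; it does the same triage locally with only the standard library: it computes MD5/SHA1/SHA256 so they can be compared case-insensitively with a scanner's report, and it parses the DOS, COFF and PE32 optional headers for the fields the ExifTool block shows (machine, link timestamp, linker version, code size, entry point, subsystem). So that it runs offline, `build_sample_pe()` constructs a minimal synthetic PE32 image whose header fields are set to the values VirusTotal reported for ExMgr.exe (entry point 0x10299, linker 8.0, code size 135168, link time 2011-02-25 10:05:07+01:00); the sample's bytes, and therefore its hashes, are constructed and do not correspond to the real file. On a real machine you would read `C:\Windows\syswow64\ExMgr.exe` and pass the hashes from the VirusTotal and SystemLook output as `expected`.

```python
# Added example (not from the thread or its tools): local triage of a suspect PE.
import hashlib
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification
IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B   # PE32 (32-bit) optional header
MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """Lowercase hex MD5/SHA1/SHA256: the three digests VirusTotal lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hashes_match(data: bytes, expected: dict) -> dict:
    """Compare local digests with the ones an external report gives.
    Case-insensitive, because SystemLook prints MD5 in upper case."""
    actual = file_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header
    and return the fields the ExifTool metadata on VirusTotal reports."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of "PE\0\0"
    if len(data) < e_lfanew + 24 or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                       # 20-byte COFF file header
    machine, nsections, link_time, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                           # optional header follows COFF
    if opt_size < 70 or len(data) < opt + opt_size:
        raise ValueError("optional header truncated")
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size = struct.unpack_from("<HBBIII", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header (magic 0x%X)" % magic)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04X" % machine),
        "sections": nsections,
        "timestamp_utc": datetime.fromtimestamp(link_time, tz=timezone.utc).isoformat(sep=" "),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "entry_point": entry_point,
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers only, not a runnable program).
    Header fields mirror the values VirusTotal showed for ExMgr.exe; the bytes
    and hashes are synthetic and do not match the real file."""
    link_time = int(datetime(2011, 2, 25, 9, 5, 7, tzinfo=timezone.utc).timestamp())
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, link_time, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIII", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 8, 0, 135168, 65536, 0)
    struct.pack_into("<I", opt, 16, 0x10299)   # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)     # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)     # subsystem version 4.0
    struct.pack_into("<H", opt, 68, 2)         # Windows GUI
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    for name, digest in file_hashes(sample).items():
        print("%-24s %s" % (name, digest))
    for key, value in parse_pe_header(sample).items():
        print("%-24s %s" % (key, value))
```

    A header-only check like this is no substitute for the multi-engine scan, but it answers the two questions the thread circles around: whether the file on disk is byte-for-byte the one the report describes (the hashes), and whether its embedded metadata (a 2011 link time, an OriginalFilename of HsMgr.EXE under a file named ExMgr.exe) is consistent with the vendor it claims.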
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    It looks like a false positive.

    Are you experiencing any computer issues?
     
  5. konc3pt

    konc3pt TS Rookie Topic Starter

    No. Should I let it start and run with Windows?

    Thanks for the help btw.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    It's hard to say until we establish further what that file is for.
    When I Google it, it looks like it can be coming from different sources.

    See comments here: http://www.file.net/process/hsmgr.exe.html
    Check if it applies to you.
     
