Inactive HSMGR C:/windows/syswow64/exmgr.exe

Malwarebytes and Trend Micro Titanium Maximum Security 2014 don't detect it as a threat, but my Google search of the file says it's a harmful file. This is a new install on an SSD about a week old. I only use the SSD to run gaming (TS3, Steam and Origin). I run Malwarebytes on this drive but not the Trend Micro. For anything else I do other than gaming and basic internet searches, I use my HDD.

How can I remove this file?

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Jam Master Jay :: SSD [administrator]

Protection: Enabled

11/30/2013 1:49:20 PM
mbam-log-2013-11-30 (13-49-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206597
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Jam Master Jay at 13:45:50 on 2013-11-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16328.14265 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msconfig.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{078DDAA6-BC88-44B2-A58F-6EEFBB3B0B66} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Cm6620Sound] C:\Program Files\ROG Thunderbolt Audio\CPL\ROG ThunderBolt Audio.exe /h /d
x64-Run: [EX_Hook] C:\Windows\syswow64\ExMgr.exe Envoke
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-26 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-26 42624]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-11-25 171688]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-11-25 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-26 56448]
R3 USBUAA;USB Audio Class 2.0 Device Driver;C:\Windows\System32\drivers\USBUAA.SYS [2011-9-6 140544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ATLOISAService;ATLOISAService;C:\Windows\SysWOW64\ATLOISAService.exe [2013-11-27 512000]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-26 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-25 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-25 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-26 1255736]
.
=============== Created Last 30 ================
.
2013-11-29 21:14:45 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE212D5A-688C-4397-AD71-C6884B0B6EBE}\mpengine.dll
2013-11-27 20:14:01 -------- d-----w- C:\ProgramData\FaceLift
2013-11-27 20:13:51 97280 ------w- C:\Windows\SysWow64\atl80.dll
2013-11-27 20:13:51 86016 ------w- C:\Windows\SysWow64\ExSrv2.dll
2013-11-27 20:13:51 86016 ------w- C:\Windows\SysWow64\ExSrv.dll
2013-11-27 20:13:51 751104 ------w- C:\Windows\SysWow64\CMAPOMain.dll
2013-11-27 20:13:51 722432 ------w- C:\Windows\SysWow64\CMXearSingFX.dll
2013-11-27 20:13:51 691712 ------w- C:\Windows\SysWow64\CMXearLiving10.dll
2013-11-27 20:13:51 632656 ------w- C:\Windows\SysWow64\msvcr80.dll
2013-11-27 20:13:51 512000 ------w- C:\Windows\SysWow64\ATLOISAService.exe
2013-11-27 20:13:51 204800 ------w- C:\Windows\SysWow64\ExMgr.exe
2013-11-27 20:13:51 1942528 ------w- C:\Windows\SysWow64\CMXearSurr.dll
2013-11-27 20:13:50 804352 ------w- C:\Windows\System32\Cmeau6620.exe
2013-11-27 20:13:50 -------- d-----w- C:\Program Files\ROG Thunderbolt Audio
2013-11-27 16:43:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-11-27 16:33:53 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-11-27 16:33:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-11-27 16:33:53 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2013-11-27 16:33:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-11-27 16:33:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-11-27 16:33:53 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-11-27 16:33:53 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-11-27 16:33:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-11-27 16:33:52 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-11-27 06:36:51 -------- d-----w- C:\Program Files (x86)\Realtek
2013-11-27 03:14:03 -------- d-----w- C:\Program Files\Realtek
2013-11-27 03:13:28 1698408 ----a-w- C:\Windows\RtlExUpd.dll
2013-11-27 03:13:28 -------- d--h--w- C:\Program Files (x86)\Temp
2013-11-26 20:20:26 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\PunkBuster
2013-11-26 20:13:29 -------- d-----w- C:\Windows\Migration
2013-11-26 18:25:09 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\TS3Client
2013-11-26 15:31:43 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\ESN
2013-11-26 09:57:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-11-26 09:57:11 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2013-11-26 07:39:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-26 07:39:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 07:39:44 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-26 07:39:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-26 07:39:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-26 07:39:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-26 07:39:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-26 07:12:09 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Programs
2013-11-26 06:59:36 -------- d-----w- C:\CIMTEMP
2013-11-26 06:54:27 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2013-11-26 06:52:07 -------- d-----w- C:\GvTemp
2013-11-26 06:47:30 -------- d-----w- C:\Program Files (x86)\Common Files\ASUS MultiFrame
2013-11-26 06:47:30 -------- d-----w- C:\Program Files (x86)\ASUS
2013-11-26 06:44:41 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-11-26 06:40:23 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2013-11-26 06:40:20 82560 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2013-11-26 06:40:20 42624 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2013-11-26 06:40:03 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-11-26 06:39:51 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-11-26 06:20:47 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\AMD
2013-11-26 06:20:37 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\ATI
2013-11-26 06:19:55 0 ----a-w- C:\Windows\ativpsrm.bin
2013-11-26 04:32:16 -------- d-----w- C:\Windows\Panther
2013-11-26 02:59:03 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\Malwarebytes
2013-11-26 02:59:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-26 02:58:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2013-11-26 02:58:58 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-26 02:58:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-26 02:58:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 02:42:23 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\TeamSpeak 3 Client
2013-11-26 02:36:19 -------- d-----w- C:\Program Files\AMD
2013-11-26 02:36:19 -------- d-----w- C:\Program Files (x86)\AMD
2013-11-26 02:36:18 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-11-26 02:36:17 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-11-26 02:36:17 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-11-26 02:36:04 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-11-26 02:36:04 -------- d-----w- C:\ProgramData\AMD
2013-11-26 02:35:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-11-26 02:35:46 -------- d-----w- C:\Program Files\ATI Technologies
2013-11-26 02:35:44 -------- d-----w- C:\Program Files\ATI
2013-11-26 02:35:00 -------- d-----w- C:\AMD
2013-11-26 02:33:05 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-11-26 02:28:51 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2013-11-26 02:28:12 -------- d-----w- C:\NVIDIA
2013-11-26 02:24:56 -------- d-----w- C:\Program Files\Epicgear
2013-11-26 02:24:23 -------- d-----w- C:\Program Files (x86)\Epicgear
2013-11-26 02:16:25 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-11-26 02:16:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-11-26 02:16:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-11-26 02:16:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-11-26 02:16:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-11-26 02:16:25 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-11-26 02:16:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-11-26 02:13:49 -------- d-----w- C:\Windows\System32\MRT
2013-11-26 02:09:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-11-26 02:09:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-11-26 02:09:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-11-26 02:09:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-11-26 02:09:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-11-26 02:04:56 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-11-26 02:03:55 77312 ----a-w- C:\Windows\System32\packager.dll
2013-11-26 02:03:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-11-26 02:01:16 -------- d-----w- C:\Users\Jam Master Jay\AppData\Roaming\Origin
2013-11-26 02:01:15 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Origin
2013-11-26 02:00:32 -------- d-----w- C:\ProgramData\Origin
2013-11-26 02:00:32 -------- d-----w- C:\ProgramData\Electronic Arts
2013-11-26 02:00:21 -------- d-----w- C:\Program Files (x86)\Origin
2013-11-26 01:59:31 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-11-26 01:59:30 -------- d-----w- C:\Program Files (x86)\Steam
2013-11-26 01:54:27 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-26 01:53:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-11-26 01:53:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-11-26 01:53:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-11-26 01:52:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-11-26 01:52:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-11-26 01:52:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-11-26 01:52:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-11-26 01:51:33 -------- d-----w- C:\Users\Jam Master Jay\AppData\Local\Google
2013-11-26 01:49:52 171688 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
2013-11-26 01:49:46 322760 ----a-r- C:\Windows\System32\PROUnstl.exe
2013-11-26 01:49:15 68264 ----a-w- C:\Windows\System32\e1qmsg.dll
2013-11-26 01:49:15 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-11-26 01:49:15 336048 ----a-w- C:\Windows\System32\drivers\e1q62x64.sys
2013-11-26 01:49:13 98496 ----a-w- C:\Windows\System32\NicInstQ.dll
2013-11-26 01:46:36 1860096 ----a-w- C:\Windows\System32\CMediaEffectAPO.dll
2013-11-26 01:46:35 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-11-26 01:46:35 178176 ----a-w- C:\Windows\System32\CMediaEffectPropPageExt.dll
2013-11-26 01:46:20 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2013-11-30 06:33:08 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-30 05:11:03 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-27 06:38:02 62464 ----a-w- C:\Windows\System32\CMEffectGFX.dll
2013-11-27 06:38:02 59392 ----a-w- C:\Windows\System32\CMEffectLFX.dll
2013-11-27 06:38:02 56832 ----a-w- C:\Windows\System32\CMMicEffectLFX.dll
2013-11-27 06:38:02 191488 ----a-w- C:\Windows\System32\CMEffectPropPage.dll
2013-11-27 06:38:02 140544 ----a-w- C:\Windows\System32\drivers\USBUAA.SYS
2013-11-26 09:56:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-12 02:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 02:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 02:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 02:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 00:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 00:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 00:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 00:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 13:46:02.42 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2013 8:41:18 PM
System Uptime: 11/30/2013 1:26:08 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | Crosshair V Formula
Processor: AMD FX(tm)-8150 Eight-Core Processor | AM3r2 | 3792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 119.277 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 681.169 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 465.658 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 1397 GiB total, 1143.12 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: 690LC
Device ID: USB\VID_2433&PID_B111\CCV_1.0
Manufacturer:
Name: 690LC
PNP Device ID: USB\VID_2433&PID_B111\CCV_1.0
Service:
.
Class GUID:
Description: PowerPC Processor
Device ID: PCI\VEN_1957&DEV_C006&SUBSYS_12011A56&REV_10\4&23984C36&0&0058
Manufacturer:
Name: PowerPC Processor
PNP Device ID: PCI\VEN_1957&DEV_C006&SUBSYS_12011A56&REV_10\4&23984C36&0&0058
Service:
.
Class GUID:
Description: Neat Mobile Scanner
Device ID: USB\VID_1F44&PID_0001\CN12B9100748
Manufacturer:
Name: Neat Mobile Scanner
PNP Device ID: USB\VID_1F44&PID_0001\CN12B9100748
Service:
.
==== System Restore Points ===================
.
RP128: 11/13/2013 9:11:31 PM - Windows Update
RP129: 11/17/2013 12:18:18 AM - Installed DirectX
RP130: 11/22/2013 3:34:06 PM - Configured GIGABYTE OC_GURU II
RP131: 11/22/2013 3:35:29 PM - Installed GIGABYTE OC_GURU II
RP132: 11/22/2013 10:00:02 PM - Installed ASUS MultiFrame
RP13: 11/26/2013 4:55:35 AM - Installed DirectX
RP14: 11/26/2013 4:56:10 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
RP15: 11/26/2013 4:56:18 AM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
RP16: 11/26/2013 11:08:52 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
RP17: 11/26/2013 11:09:09 AM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
RP18: 11/26/2013 11:09:23 AM - Installed DirectX
RP19: 11/26/2013 11:10:18 AM - Windows Update
RP20: 11/26/2013 11:14:48 AM - Windows Update
RP21: 11/26/2013 3:12:37 PM - Windows Update
RP22: 11/26/2013 10:13:39 PM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
RP23: 11/27/2013 1:40:00 AM - Removed ROG Thunderbolt Audio
RP24: 11/27/2013 11:42:54 AM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
RP25: 11/27/2013 3:14:04 PM - Installed ROG Thunderbolt Audio
RP26: 11/29/2013 4:14:29 PM - Windows Update
.
==== Installed Programs ======================
.
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASUS MultiFrame
Battlefield 4™
Battlelog Web Plugins
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
Call of Duty: Ghosts - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
EpicGear Meduza HDST Mouse
ESN Sonar
GIGABYTE OC_GURU II
Google Chrome
Google Update Helper
Intel(R) Network Connections 16.4.68.0
Malwarebytes Anti-Malware version 1.75.0.1300
Meduza HDST Mouse
Microsoft .NET Framework 4.5.1
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Origin
PunkBuster Services
Realtek High Definition Audio Driver
ROG Thunderbolt Audio
Steam
TeamSpeak 3 Client
.
==== Event Viewer Messages From Past Week ========
.
11/30/2013 12:23:34 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2013 7:08:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
11/26/2013 3:11:48 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
11/26/2013 3:00:34 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/26/2013 2:31:17 AM, Error: Ntfs [137] - The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.
11/26/2013 1:44:16 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.
11/26/2013 1:43:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/26/2013 1:41:05 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
11/26/2013 1:23:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
11/26/2013 1:20:33 AM, Error: Service Control Manager [7023] -
11/25/2013 9:33:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/25/2013 9:33:03 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2013 9:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Open Windows Explorer. Go to Tools > Folder Options > View tab (Windows 8 users: open File Manager and go to View > Options > Change folder and search options > View tab), put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Windows\syswow64\ExMgr.exe
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:file
C:\Windows\syswow64\ExMgr.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
.==============

SHA256: 5a3070b6642e4779e97f42c3b65ad573fd3d373cbcc3fd7ea1819af4d9630cac
File name: ExMgr.exe
Detection ratio: 0 / 48
Analysis date: 2013-11-30 22:52:49 UTC ( 0 minutes ago )

Probably harmless! There are strong indicators suggesting that this file is safe to use.

PE signature block

Copyright Copyright (C) 2007
Product HsMgr
Original name HsMgr.EXE
Internal name HookSupport Manager
File version 1, 0, 0, 2
Description HsMgr Application

ExifTool file metadata

SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 65536
OriginalFilename HsMgr.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007
FileVersion 1, 0, 0, 2
TimeStamp 2011:02:25 10:05:07+01:00
FileType Win32 EXE
PEType PE32
InternalName HookSupport Manager
ProductVersion 1, 0, 0, 2
FileDescription HsMgr Application
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 135168
ProductName HsMgr
ProductVersionNumber 1.0.0.2
EntryPoint 0x10299
ObjectFileType Executable application


MD5 215f76642fc1c3988ebc29a1dcef917f
SHA1 872fb7e2cfc74eec237c8e141ab35d96d87e06c2
SHA256 5a3070b6642e4779e97f42c3b65ad573fd3d373cbcc3fd7ea1819af4d9630cac
ssdeep 3072:n4pbd1cxM51BcyGTEpjCFJ15xox3sO47s6rPaptt7CT6g:4lPcxM5AyGopS3xoxZ47s6E7Q
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)

VirusTotal metadata

First submission 2011-10-08 04:19:16 UTC ( 2 years, 1 month ago )
Last submission 2013-11-30 22:52:49 UTC ( 5 minutes ago )
File names
HookSupport Manager
file-3277128_exe
DPVPIMXDEV-680.pms.exe.SVD
ExMgr.exe
HsMgr.EXE
57AC512D00F8632F20D4035E931B4B00CAC7F774.exe




======================================================


SystemLook 30.07.11 by jpshortstuff
Log created at 18:00 on 30/11/2013 by Jam Master Jay
Administrator - Elevation successful

========== file ==========

C:\Windows\syswow64\ExMgr.exe - File found and opened.
MD5: 215F76642FC1C3988EBC29A1DCEF917F
Created at 20:13 on 27/11/2013
Modified at 06:38 on 27/11/2013
Size: 204800 bytes
Attributes: -------
FileDescription: HsMgr Application
FileVersion: 1, 0, 0, 2
ProductVersion: 1, 0, 0, 2
OriginalFilename: HsMgr.EXE
InternalName: HookSupport Manager
ProductName: HsMgr
LegalCopyright: Copyright (C) 2007

-= EOF =-
 