Do you know how it was installed on your system? Please re-enable javascript to access full functionality. Thank you for all the help. Yet, as we were reminded by latest news about the C-variant of a particularly sophisticated rootkit, we can never be 100% sure a machine is clean.

Then navigate to "C:\WINDOWS\system32" and try to locate "kvcnejfo.exe". Is there something I can do to ensure that this is acceptable and that they are all legitimate? If the entries re-appear without your consent, then this will indicate some hidden activity on your machine.

  1. Authority:VeriSign, Inc.
  2. Spysweeper tells me my system is clean.
  3. Description: Ssidrv.sys is not essential for the Windows OS and causes relatively few problems.

Once you've identified some malware files, FreeFixer is pretty good at removing them. Size : 23152 sshrmd.sys is a product Spy Sweeper SDK with Webroot Software, Inc. Although at first this should seem great - I realize that it only fins 1 mru item- no tracking cookies ever. I want to let you know about the FreeFixer program.

Do you have additional information? If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. You can instruct Explorer to show "hidden" and "system " files by clicking on "Tools" => "Folder Options" => "View". + Untick the option to "Hide protected system files". + Tick Here is a list of the drivers on my system though: \winnt\system32\ntoskrnl.exe \winnt\system32\hal.dll \winnt\system32\bootvid.dll \winnt\system32\drivers\wmilib.sys pci.sys isapnp.sys ohci1394.sys \winnt\system32\drivers\1394bus.sys \winnt\system32\drivers\ndis.sys \winnt\system32\drivers\tdi.sys compbatt.sys \winnt\system32\drivers\battc.sys pciide.sys \winnt\system32\drivers\pciidex.sys pcmcia.sys ftdisk.sys diskperf.sys dmload.sys dmio.sys partmgr.sys

Other processes tskrmain.exe hd-logrotatorservice.exe workspaceupdate.exe ssidrv.sys webcakedesktop.exe spriteservice.exe vetfddnt40.sys fvhelper.dll incinerator.dll iked.exe olfsnt40.exe

Their verdicts will give important input in order to decide on how to proceed. Is your recommendation to just keep an eye on things and not have much concern unless myAV notifies me of something? CommentsPlease share with the other users what you think about this file. sshrmd.sys's description is "Spy Sweeper Mini Driver"sshrmd.sys is digitally signed by Webroot Software, Inc..sshrmd.sys is usually located in the 'C:\WINDOWS\system32\drivers\' folder.If you have additional information about the file, please share it

Malwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive. sshrmd.sys information : File Name : sshrmd.sys Software : Spy Sweeper SDK Version : Company : Webroot Software, Inc. The file "kvcnejfo.exe" is hidden away from viewing it even if Explorer has been configured to show all hidden/system files.

It runs as a Windows kernel mode device driver named “sshrmd”.

Thank you for your help Back to top #4 acklan acklan Bleepin' cat's meow Members 8,529 posts OFFLINE Gender:Not Telling Location:Baton Rouge, La. You might also try to change the Windows firewall settings in such a way that "kvcnejfo.exe" may no longer access the internet. Ssidrv.sys is a Windows driver. No mention of the file in the below either.

To learn more and to read the lawsuit, click here. Why not be the first to write a short comment? Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. To be more certain, I found my way to Rootkit Revealer upon investigating things and my Log is below: HKLM\SECURITY\Policy\Secrets\SAC*9/3/2002 10:18 AM0 bytesKey name contains embedded nulls (*)HKLM\SECURITY\Policy\Secrets\SAI*9/3/2002 10:18 AM0 bytesKey

This would indicate malware activity. You can now download and install sshrmd.sys file with one click. Having gone through your Autoruns logfile, there is nothing which strikes me as suspicious. Only Microsoft and Accounting software that Iuse regularlywere on the Exceptions list.

If you find the file, right click the name and check the properties in order to get an idea who created it and what it might be for. Else you may be lucky and your machine may be clean. Suggested Action Plan: (1) Make sure Explorer shows all files/folders. (2) Try to locate the file C:\WINDOWS\system32\kvcnejfo.exe (3) If it can be found, upload it to Virustotal and post the link Using the site is easy and fun.

Do you have any conflicts? "2007 & 2008 Windows Shell/User Award" Back to top #3 32red 32red Topic Starter Members 27 posts OFFLINE Local time:08:15 PM Posted 28 June 2007 The program is not visible. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Valid from:12/7/2009 6:00:00 PM Valid to:1/20/2012 5:59:59 PM Subject:CN="Webroot Software, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Webroot Software, Inc.", L=Boulder, S=Colorado, C=US Issuer:CN=VeriSign Class 3 Code Signing

Thank you for your contributions.I'm reading all new comments so don't hesitate to post a question about the file. Keep an eye on it.