Thanks Nasdaq. Place a check against these items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
Click on Fix Checked when finished and exit HijackThis.
Please run Notepad and scanning hidden services & system hive ...
It is not malicious in itself but can be misused/used by other malware (worms, backdoor Trojans) to gain access to your PC. Is PsExec something you downloaded yourself?
Microsoft MVP Consumer Security
Edited by Juliet, 06 February 2009 - 08:11 AM. How about c:\Combofix\combofix.txt <-- is it here? I want to let you know about the FreeFixer program.
Therefore it could be that we could help Panda to correctly detect that file. Only HijackThis seems to work. Look for these files for me C:\qoobox\quarantined_files.txt <-- is this file present?
I'll be checking it tomorrow, as I'm not sitting anymore in front of that PC. PsExec provides full interactivity for console applications. I can stop the service and delete the file, but the service is obviously still listed.
A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. If after 5 days you I used the Combofix last time because I read on PC PitStop Forums about an issue which was exactly my case, thus I used it. Have you looked in event viewer?
Interestingly, the same command works just fine on a Win-7-Professional (x64) and it also works perfectly fine in reverse (i.e. If this is *really* a safe file to have on my PC, tell me. It does not count as help.
I have Combofix, Dr Web cureit, and SDFix saved on desktop. I was expecting a more user friendly window to pop up asking for my choice of action. Open the extracted SDFix folder and double click RunThis.bat to start the script.
I doubt it can run as it's designed to now since Panda deleted out a needed file. Please allow ComboFix to install, if needed, Windows Recovery Console. If so -- please post its contents.
It will scan and the log should open in notepad. Jacek 19.02.2013 16:05 QUOTE(mcadek @ 14.02.2013 20:15) 2/14/2013 11:01:37 AM C:\WINDOWS\PSEXESVC.EXE Process is trying to redirect data input/output. However it can be used for malicious purposes like many programs. scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export:
What do I do? psexesvc.exe is part of Sysinternals PsExec developed by Sysinternals. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved.
Boot into safe mode.
- Double click on Combo-Fix.exe & follow the prompts.
- I will try this today and report back.
- This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
- I'll do the test in Safe Mode later, sorry have to work now on this PC!
- The file has a digital signature.
- File is: C:\Qoobox\ComboFix-quarantined-files.txt 2009-02-04 08:40:38 A------- 54 C:\Qoobox\Quarantine\catchme.log 2009-02-04 08:51:05 A------- 10,356 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg How about c:\Combofix\combofix.txt <-- is it here?
Therefore, you should check the psexesvc.exe process on your PC to see if it is a threat. Previous IT probably left some backdoors. APPL/PsExec.E (Unclassified Threat) File C:\WINDOWS/PSEXESVC.EXE Note PSEXESVC.EXE is not malware. psexesvc.exe is used by 'Sysinternals PsExec'. This is an application created by 'Sysinternals'.
PsExeSvc stands for PsExec: Remote Process Execution Service The .exe extension on a filename indicates an executable file. Trying to locate the prefetch file if there is one. Further additions like networking and security soon followed.