
127.0.0.1:1025 Problem



#1 rsd79


Posted 04 October 2007 - 01:27 PM

I recently gave my laptop to my sister for a couple of days so that she could use it while she was at our Grandma's house (closer to school). I have received it back and now have this problem where almost every webpage I load has a script called 127.0.0.1:1025. Since I never saw it before, I was thinking it could be malware, spyware, a trojan or any of that junk. I did scans with AVG, Adaware, Spybot, and ZoneAlarm but found nothing. I started doing a little research on Google and found out that this is a loopback address problem that is used by worms to gain personal information when the script is allowed. I am currently using Mozilla Firefox with the NoScript extension, which blocks all JavaScript at my discretion, so the 127.0.0.1:1025 script is blocked right now because I fear it. I think the problem may have to do with her using IE or the newly installed MSN Messenger. I also went through another procedure, found on Google, where I was supposed to delete lines from a Windows host file; however, I could not find any of the lines the procedure suggested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {D15A01BD-C50A-9CFA-7247-ECECDDE415ED} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09577D23-AD7A-49FC-ACBF-B785BD3342A7} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {D15A01BD-C50A-9CFA-7247-ECECDDE415ED} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Translat\LicenseManager.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d.../wlscbase8460.cab
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Plug-in 1.4.2_12) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6539A68-4617-45AD-98A0-61BAA65250D2}: NameServer = 192.168.1.1
O20 - Winlogon Notify: khffcya - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7951 bytes

Edited by Animal, 06 October 2007 - 04:55 PM.

Dustin Penner is the new Jaromir Jagr.


#2 Grinler


    Lawrence Abrams



Posted 14 October 2007 - 07:15 AM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

R3 - URLSearchHook: (no name) - {D15A01BD-C50A-9CFA-7247-ECECDDE415ED} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {09577D23-AD7A-49FC-ACBF-B785BD3342A7} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - (no file)

Reboot your computer and post a new log.

Also, in Firefox click on tools and then options. Then click on the advanced tab, and then the network tab under advanced.

Finally click on the settings button. Make sure direct connection to the Internet is selected and then press OK till you get out of options. Does this fix the 127.0.0.1 problem?

#3 rsd79


Posted 17 October 2007 - 01:19 AM

I should have checked this thread earlier, since I stopped checking after Sunday and looked for my own solution. However, due to my impatience I started searching on Google for a fix to the problem. I wish I had the link but forgot to save it. The report said to go to the ZoneAlarm "privacy tab" in the ZoneAlarm control centre and turn the "cookie control" feature to "off". After following this procedure, I did get rid of the 127.0.0.1:1025 script that was trying to run in Firefox. I have posted the results of your instructions below.

By the way, it is an honour to be replying to the #3 man on BleepingComputer. :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B0C7A02-A17A-4C81-BD7D-30A622701C36} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {D15A01BD-C50A-9CFA-7247-ECECDDE415ED} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Translat\LicenseManager.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d.../wlscbase8460.cab
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Plug-in 1.4.2_12) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6539A68-4617-45AD-98A0-61BAA65250D2}: NameServer = 192.168.1.1
O20 - Winlogon Notify: khffcya - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7432 bytes

Edited by rsd79, 17 October 2007 - 01:25 AM.

Dustin Penner is the new Jaromir Jagr.

#4 Grinler


Posted 17 October 2007 - 10:40 AM

Fix these two entries in HijackThis:

O2 - BHO: (no name) - {D15A01BD-C50A-9CFA-7247-ECECDDE415ED} - (no file)
O20 - Winlogon Notify: khffcya - C:\WINDOWS\


Then,
  • Download Combofix to your desktop.
  • Double-click combofix.exe
  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.
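
A triage sketch for logs like the ones posted in this thread, added here as an example and not part of any post or of HijackThis itself: it rejoins entries that word wrap split across lines, then flags entries whose file is reported missing and Winlogon Notify entries that do not name a DLL. The two rules, the function names and the sample log are assumptions constructed for illustration; a flagged entry is a candidate for manual review, not a verdict.

```python
import re

# Constructed sample in HijackThis 2.x layout (not copied from the thread).
# Two entries are split by word wrap, one of them in the middle of a CLSID.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program

Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEE

EEEEEEEE} - (no file)
O20 - Winlogon Notify: examplentfy - C:\WINDOWS\
O20 - Winlogon Notify: goodntfy - C:\WINDOWS\system32\good.dll

--
End of file - 0 bytes
"""

ENTRY = re.compile(r"^[RFNO]\d{1,2} - ")          # section code, e.g. "O2 - "
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.*)$")


def unwrap(log_text):
    """Return one string per log entry, rejoining lines split by word wrap."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":                 # footer separator: entries end here
            break
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:                    # continuation of the previous entry
            prev = entries[-1]
            # An unclosed "{" means the break fell inside a CLSID: no space.
            sep = "" if prev.count("{") > prev.count("}") else " "
            entries[-1] = prev + sep + line
    return entries


def triage(log_text):
    """Flag entries worth a manual look; returns (rule, entry) tuples."""
    findings = []
    for entry in unwrap(log_text):
        notify = NOTIFY.match(entry)
        if entry.endswith("(no file)"):
            # Registry reference left behind with no file on disk.
            findings.append(("missing-file", entry))
        elif notify and not notify.group(2).lower().endswith(".dll"):
            # Winlogon notification packages are DLLs; a bare folder is odd.
            findings.append(("notify-without-dll", entry))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule}: {entry}")
```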



