
Proxy 127.0.0.1:5050



#1 drphilnan

  • Members

Posted 17 February 2015 - 07:33 PM

Hi All - I saw a previous thread and followed the instructions for the Proxy 127.0.0.1:5050 virus. I followed the instructions but still have the problem. Any help would be grrreatly appreciated!

- Downloaded FRST64.exe
- Downloaded the Fixlist.txt that was in the thread.
- Moved these files to the same folder.
- Ran FRST64.exe and pressed the Fix button.
- Rebooted.
- Verified that the problem still exists.

I have pasted the Fixlog.txt contents, below. ANY help would be grrrreatly appreciated!

Edited by Orange Blossom, 17 February 2015 - 09:43 PM.
Moved to log forum. ~ OB




#2 nasdaq

  • Malware Response Team

Posted 21 February 2015 - 10:41 AM

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your log as submitted is unreadable in the present format.

Please run the Farbar tool normally.

Before saving the file with Notepad please make sure that the Wordwrap function is set.
You will find that under the format menu.

Save the file and post the content for my review.

Let me know what problem persists.



