Ultimate Predator, posted June 18, 2007

Please tell me if it needs cleaning, for performance, or whether there is malware. Cheers.

Logfile of HijackThis v1.99.1
Scan saved at 13:36:59, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Outpost Security Suite] C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite\feedback.exe /dump:os_startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O11 - Options group: [iNTERNATIONAL] International*
O15 - Trusted Zone: http://www.betfair.com
O15 - Trusted Zone: *.betfair.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB8B3AF-9031-4192-882F-DD1096C4171D}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Outpost Security Suite Service (OutpostSecuritySuite) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe

Tarun (Administrator), posted June 18, 2007

All clean. You may want to run LSPFix.

These can go safely if you wish:

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite\feedback.exe /dump:os_startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

Ultimate Predator (Author), posted June 18, 2007

What does LSPFix do? Is it safe? Why do I need it?

Tarun (Administrator), posted June 18, 2007

O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll

I know that it's Agnitum and it may very well be safe; though I see no reason for it to be that intrusive. LSPFix may see a possible error with it, so you may want to check.

Ultimate Predator (Author), posted June 19, 2007

Tried it, no problems found. Cheers.