Logfile of HijackThis v1.98.2
Scan saved at 08:45:55 ?, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\DOCUME~1\Shared\dcevtsrv.exe
C:\PROGRA~1\DOCUME~1\Shared\dcathmgr.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\alshas0d\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy01.aramco.com.sa:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aramco.com.sa;*.aramco.com;10.*.*.*;*.dha.aramco.com.sa;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Passport Classes -
O16 - DPF: Yahoo! Chat -
O16 - DPF: Yahoo! Chess -
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (ProtoView ComboBox Control) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O16 - DPF: {8112FBD1-CCF9-11D2-8CA3-00104B72D644} (LLExplorer.LLExplorer20) -
O16 - DPF: {8F25C903-8346-11CF-AACD-444553540000} (ProtoView Time Control) -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) -
O16 - DPF: {C2000000-FFFF-1100-8000-000000000004} (ProtoView Mask Edit Control) -
O16 - DPF: {C2000000-FFFF-1100-8200-000000000004} (ProtoView Numeric Control) -
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) -
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Edit Control) -
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 8.0 (OLEDB)) -
O16 - DPF: {F89D69D2-0C80-11D4-B67E-0050DA271F38} (eStreamIE Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aramco.com
O17 - HKLM\Software\..\Telephony: DomainName = aramco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aramco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aramco.com,aramco.com.sa,dha.aramco.com.sa,aramcoservices.com,enp.aramco.com.sa,int.aramco.com.sa,ruh.aramco.com.sa,abq.aramco.com.sa,sha.aramco.com.sa,shd.aramco.com.sa,udh.aramco.com.sa,uth.aramco.com.sa,ber.aramco.com.sa,jua.aramco.com.sa,rtn.aramco.com.sa,tan.aramco.com.sa,jed.aramco.com.sa,jzn.aramco.com.sa,khm.aramco.com.sa,tab.aramco.com.sa,rab.aramco.com.sa,yan.aramco.com.sa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aramco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = aramco.com,aramco.com.sa,dha.aramco.com.sa,aramcoservices.com,enp.aramco.com.sa,int.aramco.com.sa,ruh.aramco.com.sa,abq.aramco.com.sa,sha.aramco.com.sa,shd.aramco.com.sa,udh.aramco.com.sa,uth.aramco.com.sa,ber.aramco.com.sa,jua.aramco.com.sa,rtn.aramco.com.sa,tan.aramco.com.sa,jed.aramco.com.sa,jzn.aramco.com.sa,khm.aramco.com.sa,tab.aramco.com.sa,rab.aramco.com.sa,yan.aramco.com.sa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aramco.com,aramco.com.sa,dha.aramco.com.sa,aramcoservices.com,enp.aramco.com.sa,int.aramco.com.sa,ruh.aramco.com.sa,abq.aramco.com.sa,sha.aramco.com.sa,shd.aramco.com.sa,udh.aramco.com.sa,uth.aramco.com.sa,ber.aramco.com.sa,jua.aramco.com.sa,rtn.aramco.com.sa,tan.aramco.com.sa,jed.aramco.com.sa,jzn.aramco.com.sa,khm.aramco.com.sa,tab.aramco.com.sa,rab.aramco.com.sa,yan.aramco.com.sa
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL