10-05-2007, 11:59 AM   #4
jimmyfishcake
Registered User
 
Join Date: Sep 2007
Posts: 5
OS: XP


Re: pc very slow, multiple trojans/malware, hijackthis log

Hi, here are the requested log files. The only problem was starting my PC in safe mode; I tried until I was blue in the face & ended up using safe mode via 'msconfig', which seemed to do the job.


ComboFix 07-10-05.3 - Jon_W 2007-10-06 6:05:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.644 [GMT 13:00]
Running from: C:\Documents and Settings\Jon_W\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-05 21:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-05 19:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 22:32 <DIR> d-------- C:\Deckard
2007-09-30 22:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 22:10 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-30 06:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-30 00:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-28 08:04 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-28 08:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-28 08:04 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-12 09:22 <DIR> d-------- C:\Program Files\Mobiola Web Camera for S60 3Ed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 05:22 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\OpenOffice.org2
2007-09-30 18:04 --------- d-------- C:\Program Files\Softdiv Audio Converter
2007-09-30 18:03 --------- d-------- C:\Program Files\Shareaza
2007-09-30 18:03 --------- d-------- C:\Program Files\PowerISO
2007-09-30 18:03 --------- d-------- C:\Program Files\PKR
2007-09-30 17:55 --------- d-------- C:\Program Files\Multimedia Combo Set
2007-09-30 17:55 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-30 17:55 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-30 06:37 --------- d-------- C:\Program Files\Common Files\Real
2007-09-30 06:36 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\Real
2007-09-30 04:31 --------- d-------- C:\Program Files\WinAce
2007-09-30 04:31 --------- d-------- C:\Program Files\QuickTime
2007-09-20 22:45 --------- d-------- C:\Program Files\Activision Value
2007-09-18 01:14 --------- d-------- C:\Program Files\TexasCalculatem
2007-09-17 21:21 --------- d-------- C:\Program Files\Poker.com
2007-09-15 19:32 --------- d-------- C:\Program Files\Axis & Allies
2007-09-03 10:27 --------- d-------- C:\Program Files\jetflash
2007-09-02 20:53 --------- d-------- C:\Program Files\ShotOnline International
2007-08-30 16:56 --------- d-------- C:\Program Files\CDisplay
2007-08-26 11:45 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\GrabIt
2007-08-21 23:14 --------- d-------- C:\Program Files\Steam
2007-08-21 15:42 --------- d-------- C:\Program Files\Winamp
2007-08-19 20:50 --------- d-------- C:\Program Files\American Systems
2007-08-19 20:44 2772480 --a------ C:\Program Files\psdlx.exe
2007-08-18 00:25 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\Media Player Classic
2007-08-17 21:33 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-08-17 21:23 --------- d-------- C:\Program Files\Morgan
2007-08-17 21:23 --------- d-------- C:\Program Files\DivX
2007-08-17 21:22 13043226 --a------ C:\Program Files\klcodec330f.exe
2007-08-17 16:39 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-17 16:38 --------- d-------- C:\Program Files\GRETECH
2007-08-17 16:28 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 16:14 --------- d-------- C:\Program Files\Real
2007-08-17 15:54 --------- d-------- C:\Program Files\Video Server E
2007-08-16 04:00 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-13 17:08 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\SecondLife
2007-08-12 02:11 --------- d-------- C:\Program Files\NZBPlayer
2007-08-11 16:19 --------- d-------- C:\Program Files\PartyGaming
2007-08-11 15:46 --------- d-------- C:\Program Files\Cypress USB 2.0 DVR
2007-08-11 15:17 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\Microsoft Games
2007-08-11 02:10 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-08-11 02:10 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-08-10 20:37 --------- d-------- C:\Documents and Settings\Jon_W\Application Data\Skype
2007-08-09 01:49 --------- d-------- C:\Program Files\id Software
2007-08-06 04:25 --------- d-------- C:\Program Files\VideoLAN
2007-08-06 04:24 9453630 --a------ C:\Program Files\vlc-0.8.6a-win32.exe
2007-07-30 20:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 20:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 20:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 20:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 20:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 20:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 20:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 20:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-10 19:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-30 04:59 1572511 --a------ C:\Program Files\SetupImgBurn_2.3.2.0.exe
2007-06-30 04:53 8166272 --a------ C:\Program Files\Alcohol120_trial_1.9.6.5403.exe
2007-05-19 22:19 6182805 --a------ C:\Program Files\Firefox Setup 2.0.0.3.exe
2007-05-19 09:33 6136608 --a------ C:\Program Files\winamp535_pro.exe
2007-04-28 02:07 20942920 --a------ C:\Program Files\SkypeSetup.exe
2007-04-17 21:46 113849647 --a------ C:\Program Files\OOo_2.2.0_Win32Intel_install_wJRE_en-US.exe
2007-04-16 07:43 5051008 --a------ C:\Program Files\TradeManagerInstall.exe
2007-02-08 01:56 25886966 --a------ C:\Program Files\WDM_R154.exe
2007-02-08 00:53 25886966 --a------ C:\Program Files\RTLCPL.exe
2007-01-19 13:23 14994392 --a------ C:\Program Files\GoogleEarthWin.exe
2006-11-23 19:51 611017728 --a------ C:\Program Files\PRISMGuardShield_Demo.exe
2006-11-22 04:21 43099 --a------ C:\Program Files\simpleviewer.zip
2006-11-21 19:50 535421557 --a------ C:\Program Files\WAR_FRONT_MULTIPLAYER_DEMO.EXE
2006-11-06 16:34 855344 --a------ C:\Program Files\WGAPluginInstall.exe
2005-11-23 21:07 4878136 --a------ C:\Program Files\Firefox Setup 1.0.7.exe
2005-10-06 12:47 2266608 --a------ C:\Program Files\ec22.exe
2005-10-05 21:21 3797975 --a------ C:\Program Files\BitTorrent-4.0.4.exe
2005-10-03 11:59 895488 --a------ C:\Program Files\iview397.exe
2005-02-04 16:24 10810909 --a------ C:\Program Files\avg70free_300a419.exe
2004-06-23 09:27 1531833 --a------ C:\Program Files\NT187.EXE
1999-05-06 01:30 956 --a------ C:\Program Files\DXINFO.CFG
1999-05-06 01:30 8170 --a------ C:\Program Files\README.TXT
1999-05-06 01:30 35328 --a------ C:\Program Files\DXLAUNCH.EXE
1999-05-06 01:30 35 --a------ C:\Program Files\AUTOPLAY.BAT
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-05_19.43.36.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-09-27 09:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 17,260,544 2007-10-05 08:26:07 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 487,424 2007-10-05 08:26:07 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-27 09:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 17,260,544 2007-10-05 08:25:52 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 487,424 2007-10-05 08:25:52 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}]
C:\Program Files\Go!Zilla\GoIEHlp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 10:03]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-08-17 10:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-28 19:40]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-06 03:06]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 12:26]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 21:04]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 21:04]
"WMC_AutoUpdate"="" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-01-04 14:43]
"VTTimer"="VTTimer.exe" [2005-03-08 08:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 09:15 C:\WINDOWS\system32\VTTrayp.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="SPIRun.dll" [2006-07-03 12:43 C:\WINDOWS\system32\SPIRun.dll]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 10:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 22:25]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:55]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [2007-09-19 00:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 06:36]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 19:44]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 11:27 C:\WINDOWS\MIDIDEF.EXE]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 23:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles\uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles/uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

C:\Documents and Settings\Jon_W\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]
PowerReg Scheduler.exe [2006-01-24 01:36:36]
Registration Lock On [2007-07-02 07:56:07]

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys
R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys
R3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys
S2 DCamUSB20;USB 2.0 Capture;C:\WINDOWS\system32\Drivers\CsMini20.sys
S2 Usb20Scan;USB 2.0 Still Image;C:\WINDOWS\system32\Drivers\CresScan.sys
S3 jbridgep;jbridgep;\??\C:\DOCUME~1\Jon_W\LOCALS~1\Temp\jbridgep.sys
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74496bc-405d-11d9-907b-806d6172696f}]
AutoRun\command- D:\autorun\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC100000-A322-BF20-D41D-B00000104603}]
C:\WINDOWS\scvhost.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 0653
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\WSST_Screen_Saver.ini
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\wwdslcfg.ini
C:\WINDOWS\wwdslcfg.log
C:\WINDOWS\XDICT.INI
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE
C:\WINDOWS\Windows Update.log
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe

scan completed successfully
hidden files: 24

**************************************************************************
.
Completion time: 2007-10-06 6:08:01
C:\ComboFix-quarantined-files.txt ... 2007-10-06 06:07
C:\ComboFix2.txt ... 2007-10-05 19:44
.
--- E O F ---


-----------------------------------------------------------------------


SDFix: Version 1.107

Run by Jon_W on Sat 06/10/2007 at 06:17 a.m.

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 10 Jan 2005 40,960 A..HR --- "C:\WINDOWS\MustRead\Must Read.exe"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Thu 27 Jun 2002 73,728 A..H. --- "C:\WINDOWS\system32\IETie.dll"
Fri 7 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 22 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 3 Aug 2006 888 A..H. --- "C:\Documents and Settings\Jon_W\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 9 Dec 2006 20 A..H. --- "C:\Documents and Settings\Jon_W\My Documents\My Music\License Backup\drmv1lic.bak"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:39 a.m., on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: CPub Object - {CA70AF0D-0D07-4b80-9ECE-B0F1BEFC5822} - C:\Program Files\Byteswarm\DLInterceptor.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles\uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles/uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration Lock On
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.238/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B011FC-52BC-4B06-A2C6-284118F8F318}: NameServer = 210.48.65.2 210.48.66.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F125C6-8B6C-4CDF-88B4-6FD4DA61A6E4}: NameServer = 203.0.178.191
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10718 bytes