Thanks again!
Here is the Combofix log:
ComboFix 08-03-10.1 - Zach 2008-03-10 20:23:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT -4:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Zach\Application Data\CROSOF~1.NET
C:\Documents and Settings\Zach\Application Data\CROSOF~1.NET\??crosoft.NET\
C:\Documents and Settings\Zach\Application Data\CROSOF~1.NET\mshta.exe
C:\Documents and Settings\Zach\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Zach\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Zach\Application Data\Install.dat
C:\Documents and Settings\Zach\Application Data\WinTouch
C:\Documents and Settings\Zach\Application Data\WinTouch\fusion.cfg.916b0de11aa3a44b17d0c48816f5055a.07a48ea92d19c55de72f0278023c4e44
C:\Documents and Settings\Zach\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Zach\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Zach\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Zach\install.exe
C:\Documents and Settings\Zach\My Documents\MCROSO~1.NET
C:\Documents and Settings\Zach\My Documents\MCROSO~1.NET\n?tepad.exe
C:\Documents and Settings\Zach\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Zach\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Zach\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\install.exe
C:\Program Files\Common Files\{388EC~1
C:\Program Files\Common Files\{388EC~1\Bar888.dll
C:\Program Files\Common Files\{388EC~1\UnInstall.exe
C:\Program Files\Common Files\{388EC~2
C:\Program Files\Common Files\{388EC~2\Bar888.dll
C:\Program Files\Common Files\{388EC~2\system.dll
C:\Program Files\Common Files\{388EC~2\UnInstall.exe
C:\Program Files\Common Files\{388EC~2\Update.exe
C:\Program Files\Common Files\{388EC~3
C:\Program Files\Common Files\{388EC~3\Bar888.dll
C:\Program Files\Common Files\{388EC~3\system.dll
C:\Program Files\Common Files\{388EC~3\UnInstall.exe
C:\Program Files\deluxecommunications
C:\Program Files\deluxecommunications\Dxc.exe
C:\Program Files\deluxecommunications\DxcBho.dll
C:\Program Files\deluxecommunications\DxcCore.dll
C:\Program Files\deskalerts
C:\Program Files\deskalerts\basis.xml
C:\Program Files\deskalerts\Cache\e832b941f059b5e8b09f048e1f35996c.xml
C:\Program Files\deskalerts\cancel_button.gif
C:\Program Files\deskalerts\deskbar.crc
C:\Program Files\deskalerts\deskbar.dll
C:\Program Files\deskalerts\deskbar.inf
C:\Program Files\deskalerts\history.html
C:\Program Files\deskalerts\hs_delete.bmp
C:\Program Files\deskalerts\hs_search.bmp
C:\Program Files\deskalerts\icons.bmp
C:\Program Files\deskalerts\mbclose.bmp
C:\Program Files\deskalerts\mblogo.bmp
C:\Program Files\deskalerts\newversion.txt
C:\Program Files\deskalerts\notify.wav
C:\Program Files\deskalerts\options.html
C:\Program Files\deskalerts\save_button.gif
C:\Program Files\deskalerts\title_back.gif
C:\Program Files\deskalerts\version.txt
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\Messenger\fsoxywuiv.html
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\winpop
C:\WINDOWS\b104.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\bisekhfu.dll
C:\WINDOWS\system32\bkd.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\2new.exe
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\Delcom.exe
C:\WINDOWS\system32\bund1\mac.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bund1\Yzz.exe
C:\WINDOWS\system32\bund1\zq.exe
C:\WINDOWS\system32\dyeiywiv.dll
C:\WINDOWS\system32\metahpsn.dll
C:\WINDOWS\system32\nsphatem.ini
C:\WINDOWS\system32\oiieglg.dll
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\ubeflrnf.dll
C:\WINDOWS\system32\wnstscc.exe
C:\WINDOWS\WmFjaA\
C:\WINDOWS\WmFjaA\\asappsrv.dll
C:\WINDOWS\WmFjaA\\command.exe
C:\WINDOWS\WmFjaA\\qAI3uE.vbs
C:\WINDOWS\WmFjaA\command.exe
C:\x.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Client IP-IPX
-------\cmdService
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.
2008-03-10 19:56 . 2008-03-10 19:56 43,060 --a------ C:\WINDOWS\hGFdeYYm64pUIdwQ.exe
2008-03-05 22:29 . 2008-03-05 22:29 <DIR> d-------- C:\Program Files\nvcoi
2008-03-04 09:55 . 2008-03-04 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
2008-03-04 09:54 . 2008-03-04 09:54 <DIR> d-------- C:\Program Files\BUILDONLINEMEMO
2008-03-04 09:39 . 2008-03-04 09:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-03-04 09:38 . 2008-03-04 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-04 09:37 . 2008-03-04 09:37 <DIR> dr-hs---- C:\_Backup.RC
2008-03-04 09:37 . 2008-03-10 20:18 <DIR> d--h----- C:\_Backup
2008-03-04 09:31 . 2008-03-04 09:31 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Avanquest
2008-03-04 09:30 . 2008-03-04 09:30 <DIR> d-------- C:\Program Files\Avanquest
2008-03-04 09:22 . 2008-03-04 09:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 21:09 . 2008-03-03 21:06 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-03 21:09 . 2008-03-03 21:09 2,538 --a------ C:\WINDOWS\unins000.dat
2008-03-03 19:09 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-03 18:41 . 2008-03-03 18:41 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-03 18:30 . 2008-03-03 18:30 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 04:05 --------- d-----w C:\Program Files\Trend Micro
2008-03-06 01:33 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-06 01:31 --------- d-----w C:\Program Files\Coding Workshop Ringtone Converter
2008-03-05 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 14:09 --------- d-----w C:\Program Files\Windows TaskAd
2008-03-04 13:55 --------- d-----w C:\Documents and Settings\Zach\Application Data\BUILDONLINEMEMO
2008-03-04 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 01:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-31 18:15 29,600 ----a-w C:\WINDOWS\system32\mxntdfg.exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-30 03:25 25,214 ----a-w C:\Program Files\B.ico
2007-08-30 03:25 25,214 ----a-w C:\Program Files\A.ico
2007-08-30 03:25 217,707 ----a-w C:\Program Files\b.zip
2007-08-30 03:25 201,628 ----a-w C:\Program Files\a.zip
2007-08-28 14:48 209 ----a-w C:\Documents and Settings\Zach\7999.bat
2007-08-28 14:46 32,768 ----a-w C:\Documents and Settings\Zach\setup9x.exe
2007-08-27 15:34 209 ----a-w C:\Documents and Settings\Zach\7212.bat
2007-08-27 15:33 46,464 ----a-w C:\Documents and Settings\Zach\app.exe
2007-06-01 00:34 167 ----a-w C:\Documents and Settings\Zach\9322.bat
2007-05-30 02:52 167 ----a-w C:\Documents and Settings\Zach\8543.bat
2007-05-29 23:15 167 ----a-w C:\Documents and Settings\Zach\7485.bat
2007-05-29 23:11 218,607 ----a-w C:\Program Files\c.zip
2007-04-17 01:00 167 ----a-w C:\Documents and Settings\Zach\9624.bat
2007-04-17 00:50 167 ----a-w C:\Documents and Settings\Zach\8343.bat
2007-04-06 02:40 167 ----a-w C:\Documents and Settings\Zach\7030.bat
2007-04-01 16:59 167 ----a-w C:\Documents and Settings\Zach\2862.bat
2007-03-27 02:27 114 ----a-w C:\Documents and Settings\Zach\hhjj.bat
2007-03-18 03:03 201 ----a-w C:\Documents and Settings\Zach\q.bat
2007-03-05 02:32 63 ----a-w C:\Documents and Settings\Zach\yyd.bat
2006-12-15 16:26 56 --sh--r C:\WINDOWS\system32\6BBBA92CDF.sys
2006-12-15 16:26 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFEBC9CE-F8B2-4EF8-86ED-374376EEECD1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB103367-1C75-4AE2-B7A0-2296236DE6D1}]
2007-03-17 21:47 70144 --a------ C:\Program Files\Messenger\bapujoc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 20:39 176201]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Wbt"="C:\Documents and Settings\Zach\My Documents\M?crosoft.NET\n?tepad.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 11:23 68856]
"wait internet"="C:\DOCUME~1\Zach\APPLIC~1\BUILDO~1\sixth log.exe" [2008-03-04 09:54 445952]
"Uaol"="C:\DOCUME~1\Zach\APPLIC~1\CROSOF~1.NET\mshta.exe" [ ]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 22:29 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 18:30 823362]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-20 03:19 185896]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-02-01 04:05 173312]
"Browse new fork rule"="C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\Rect lies.exe" [2008-03-10 20:47 2928640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-01-12 10:32 128648]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-28 13:17:11 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{388EC8F2-06C0-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-06C0-1033-0928-050506220001}\Update.exe" mc-110-12-0000140
"{388EC8F2-06C1-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-06C1-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
"{388EC8F2-031E-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-031E-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{388EC8F2-06C1-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-06C1-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
"{388EC8F2-06C0-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-06C0-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
"{388EC8F2-031E-1033-0928-050506220001}"= "C:\Program Files\Common Files\{388EC8F2-031E-1033-0928-050506220001}\Update.exe" mc-110-12-0000140
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghih]
mljghih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqom]
rqrqqom.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=67.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 18:33 155648 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 03:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 16:01 67584 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 21:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uaol]
C:\DOCUME~1\Zach\APPLIC~1\CROSOF~1.NET\mshta.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wait internet]
--a------ 2008-03-04 09:54 445952 C:\DOCUME~1\Zach\APPLIC~1\BUILDO~1\sixth log.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 14:11]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 04:05]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 12:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - MAILSCAN
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 00:00:01 C:\WINDOWS\Tasks\AEF1781F918EE8CB.job"
- c:\docume~1\zach\applic~1\buildo~1\Gram help bleh.exe
"2008-03-05 21:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-10 20:45:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-03-10 20:49:02 - machine was rebooted [Zach]
ComboFix-quarantined-files.txt 2008-03-11 00:48:58
.
2008-03-04 05:43:48 --- E O F ---
Here is the CCleaner Install.txtAdobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOLIcon
Apple Software Update
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
CCleaner (remove only)
CiD Help
Conexant D110 MDC V.9x Modem
CopySafe Plugin
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
EducateU
ESPNMotion
GemMaster Mystic
Google Toolbar for Internet Explorer
GTR 2 Demo
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-02-07
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mp3Decode
mPfMgr
mPfWiz
mProSafe
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
NoDNS
nvcoi
Power Tab Editor 1.7
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer
Sanyo USB Driver
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Copy Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SystemSuite 8 Professional
Teach Me Guitar v1.03
The Sims 2
TMASOEDL
TMASOLDL
Tony Hawks Pro Skater 4 Demo
Trend Micro PC-cillin Internet Security 12
TriJinx
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Weather Maker RX Demo
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
Win-Touch.com
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! Toolbar
Here is a new HiJackThis log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:32 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://awesomehomepage.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BFEBC9CE-F8B2-4EF8-86ED-374376EEECD1} - \
O2 - BHO: 0 - {DB103367-1C75-4AE2-B7A0-2296236DE6D1} - C:\Program Files\Messenger\bapujoc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [Browse new fork rule] C:\Documents and Settings\All Users\Application Data\Wait Find Browse New\Rect lies.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wbt] "C:\Documents and Settings\Zach\My Documents\M?crosoft.NET\n?tepad.exe" 99001122
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wait internet] C:\DOCUME~1\Zach\APPLIC~1\BUILDO~1\sixth log.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Zach\APPLIC~1\CROSOF~1.NET\mshta.exe" -vt yazb
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Policies\Explorer\Run: [{388EC8F2-06C0-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-06C0-1033-0928-050506220001}\Update.exe" mc-110-12-0000140
O4 - HKCU\..\Policies\Explorer\Run: [{388EC8F2-06C1-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-06C1-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Policies\Explorer\Run: [{388EC8F2-031E-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-031E-1033-0928-050506220001}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{388EC8F2-06C1-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-06C1-1033-0928-050506220001}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{388EC8F2-031E-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-031E-1033-0928-050506220001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{388EC8F2-06C1-1033-0928-050506220001}] "C:\Program Files\Common Files\{388EC8F2-06C1-1033-0928-050506220001}\Update.exe" mc-110-12-0000137 (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} -
http://dinet.info/n/us26/n.cabO20 - AppInit_DLLs: 67.dll
O20 - Winlogon Notify: mljghih - mljghih.dll (file missing)
O20 - Winlogon Notify: rqrqqom - rqrqqom.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10145 bytes