Yes, I am currently using NOD32, although this program did not seem to prevent anything from happening, so I will be uninstalling it when all this is finished. Any recommendations on a better Anti-Virus Software to use would be appreciated.
Here are the logs:
--------------
ComboFix Log:
--------------
ComboFix 08-07-26.1 - Rion 2008-07-26 14:20:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1026 [GMT -5:00]
Running from: C:\Users\Rion\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Rion\AppData\Roaming\macromedia\Flash Player\#SharedObjects\FM3VLUCN\interclick.com
C:\Users\Rion\AppData\Roaming\macromedia\Flash Player\#SharedObjects\FM3VLUCN\interclick.com\ud.sol
C:\Users\Rion\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Rion\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\System32\cJRsrtwa.ini
C:\Windows\System32\cJRsrtwa.ini2
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\NUwvvCfe.ini
C:\Windows\System32\NUwvvCfe.ini2
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll
D:\Autorun.inf
J:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-25 20:32 . 2008-07-25 20:32 <DIR> d-------- C:\Users\Rion\AppData\Roaming\Malwarebytes
2008-07-25 20:32 . 2008-07-25 20:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-25 20:32 . 2008-07-25 20:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-25 20:32 . 2008-07-25 20:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 20:32 . 2008-07-23 20:09 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-25 20:32 . 2008-07-23 20:09 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-25 19:56 . 2008-07-25 19:56 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-07-25 19:16 . 2008-07-25 20:28 <DIR> d-------- C:\VundoFix Backups
2008-07-25 15:15 . 2008-07-25 15:52 <DIR> d-------- C:\Program Files\ScanSpyware v3.8
2008-07-25 15:10 . 2008-07-25 15:10 5 --a------ C:\Windows\System32\SndDrv32b.ini
2008-07-25 15:09 . 2008-07-25 16:09 <DIR> d-------- C:\Program Files\jv16 PowerTools
2008-07-25 15:00 . 2008-07-25 15:01 <DIR> d-------- C:\security
2008-07-25 14:58 . 2008-07-25 14:58 <DIR> d-------- C:\vscan
2008-07-25 13:29 . 2008-07-25 13:31 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-25 13:23 . 2008-07-25 13:23 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-25 12:07 . 2008-07-25 12:05 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-07-24 13:31 . 2008-07-24 13:52 <DIR> d-------- C:\Users\Public\Games
2008-07-23 12:34 . 2008-07-23 12:34 268 --ah----- C:\sqmdata03.sqm
2008-07-23 12:34 . 2008-07-23 12:34 244 --ah----- C:\sqmnoopt03.sqm
2008-07-22 22:51 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-22 22:50 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-22 22:50 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-17 16:47 . 2008-07-17 16:47 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-17 16:47 . 2008-07-17 16:47 1,409 --a------ C:\Windows\QTFont.for
2008-07-15 18:09 . 2008-07-15 18:09 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-07-08 20:53 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 20:53 . 2008-04-26 03:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-08 20:53 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-08 20:53 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-08 20:53 . 2008-05-09 22:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-08 20:53 . 2008-04-04 20:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-08 20:53 . 2008-04-04 22:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-08 20:52 . 2008-05-08 16:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-08 20:52 . 2008-05-08 16:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-08 20:52 . 2008-05-08 16:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-08 20:52 . 2008-05-08 16:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-08 20:52 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-08 20:52 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-08 20:52 . 2008-05-08 16:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-08 18:15 . 2008-07-08 18:17 <DIR> d-------- C:\Program Files\AIMTunes
2008-07-08 17:06 . 2008-07-08 17:06 <DIR> d-------- C:\Program Files\Dziobas Rar Player
2008-07-07 21:16 . 2008-07-07 21:16 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-07-07 21:16 . 2008-07-07 21:19 23 --a------ C:\Users\Rion\jagex_runescape_preferences.dat
2008-07-01 19:20 . 2008-07-01 19:20 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-01 19:20 . 2008-07-01 19:20 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-06-29 18:52 . 2008-06-29 18:52 <DIR> d-------- C:\Program Files\LucasArts
2008-06-27 23:44 . 2008-06-27 23:44 <DIR> d-------- C:\AeriaGames
2008-06-26 12:55 . 2008-06-26 12:55 4,096 --a------ C:\Windows\d3dx.dat
2008-06-26 12:35 . 2008-06-26 12:35 <DIR> d-------- C:\Windows\Saints & Sinners Bowling
2008-06-26 12:35 . 2008-06-26 12:35 <DIR> d-------- C:\Windows\Rocket Bowl
2008-06-26 12:34 . 2008-06-26 12:47 <DIR> d-------- C:\Windows\Gutterball 2
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Windows\Anime Bowling Babes
2008-06-26 12:31 . 2008-06-26 12:35 <DIR> d-------- C:\Program Files\Bowling
2008-06-26 01:42 . 2008-06-26 02:13 <DIR> d-------- C:\Program Files\3D Ultra Pinball CreepNight
2008-06-26 01:41 . 2008-06-26 02:06 <DIR> d-------- C:\Program Files\3D Ultra Pinball
2008-06-26 00:23 . 2008-06-26 00:23 <DIR> d-------- C:\Program Files\Acidx Productions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 19:10 --------- d-----w C:\Users\Rion\AppData\Roaming\Xfire
2008-07-26 19:08 --------- d-----w C:\Program Files\ESET
2008-07-26 10:19 --------- d-----w C:\Users\Rion\AppData\Roaming\foobar2000
2008-07-25 20:22 --------- d-----w C:\Program Files\Curse
2008-07-25 18:26 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-25 17:55 --------- d-----w C:\Users\Rion\AppData\Roaming\uTorrent
2008-07-24 18:52 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-24 18:13 --------- d-----w C:\Program Files\Burn4Free
2008-07-24 06:24 --------- d-----w C:\ProgramData\Xfire
2008-07-23 12:12 --------- d-----w C:\Program Files\Xfire
2008-07-15 20:51 --------- d-----w C:\Program Files\World of Warcraft
2008-07-11 04:20 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-11 04:19 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-09 08:07 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 23:17 --------- d-----w C:\Program Files\AIM6
2008-07-08 23:16 --------- d-----w C:\ProgramData\AOL Downloads
2008-07-08 23:15 --------- d-----w C:\ProgramData\Viewpoint
2008-07-08 23:14 --------- d-----w C:\ProgramData\AOL
2008-07-08 21:05 --------- d-----w C:\Program Files\Java
2008-06-29 23:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:08 --------- d-----w C:\Program Files\VirtualDubMod
2008-06-21 11:12 --------- d-----w C:\Program Files\FunPause Atlantis
2008-06-19 08:40 --------- d-----w C:\Program Files\TryMedia
2008-06-19 08:38 --------- d-----w C:\Program Files\Yahoo! Games
2008-06-09 10:01 --------- d-----w C:\ProgramData\MumboJumbo
2008-06-08 03:36 --------- d-----w C:\Program Files\MobMapUpdater
2008-05-29 22:21 --------- d-----w C:\Program Files\Valvesoftware
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-03-21 03:41 174 --sha-w C:\Program Files\desktop.ini
2007-11-14 19:22 22,328 ----a-w C:\Users\Rion\AppData\Roaming\PnkBstrK.sys
2007-07-23 16:24 0 ----a-w C:\Users\Rion\AppData\Roaming\wklnhst.dat
2007-08-05 01:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-05 01:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-05 01:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-02-23 01:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022220070223\index.dat
2007-02-23 16:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022320070224\index.dat
2007-02-24 23:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022420070225\index.dat
2007-02-26 03:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022520070226\index.dat
2007-02-27 14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022720070228\index.dat
2007-02-28 18:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007022820070301\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 10:01 182744]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 13:56 423424]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 15:39 151552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-31 16:40 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-31 16:40 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-31 16:40 126976]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-03 03:46 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 22:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 22:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 22:28 81920]
"CHotkey"="zHotkey.exe" [2006-11-07 17:08 547840 C:\Windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 12:13 36864 C:\Windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 17:34 53248 C:\Windows\ModPS2Key.exe]
"P17Helper"="P17.dll" [2005-05-02 22:38 64512 C:\Windows\System32\P17.dll]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 11:38 303104 C:\Windows\sttray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 18:27 9117696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-02 20:16 49152 C:\Windows\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2005-05-02 22:35 20480 C:\Windows\P17DEF.EXE]
C:\Users\Rion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= I263_32.drv
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.xvid"= xvid.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
--a------ 2006-11-16 19:04 2348584 c:\Program Files\BigFix\bigfix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-17 18:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2006-05-10 14:52 249856 C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4003477587-3145471023-3728799210-1001]
"EnableNotificationsRef"=dword:00000003
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4003477587-3145471023-3728799210-500]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0CA77071-095F-425A-B903-67C1BAE7C57D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9ADA0F11-6FDA-42B3-9811-FEB370107DB3}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{73312F8B-1ADE-418D-940A-9E63562062D8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{7AE56B14-0DF8-4773-9907-724694FC87ED}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{D7D661D1-F9B1-4D3B-8994-546B8E526129}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{E7CA01BB-D96A-4316-953C-8E09B510BF97}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{0DFB510C-C20C-424A-9854-12DCBDF3A54D}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv Media Server Discovery
"{D732540B-8727-4E75-8E54-F83F9C1BC214}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery
"{110E5761-6991-47A2-BB7A-00169EB1E7C9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A7C6F45B-3831-4C1C-919F-51EFD740F266}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{29889E81-CA06-4F2A-86E3-97CF859589AD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D76701EB-3D10-4E2E-A730-E0964A7882A9}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{945116BD-15A1-4F86-B9A7-08C31EFDFACD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{802F82F5-49A0-4868-9DC9-DFF479D28850}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0CF140C8-43EC-4610-9CD9-9C396B3824D0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D529FCC4-23D6-4D8D-8220-37F3DB4F8108}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DA9DCB01-FF17-4C8E-AE36-34C2505F7DC9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{459460B3-959B-4A3B-80BD-256EA40E77F5}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5A6E6C06-AC00-4894-8B09-9AC6FA698FBE}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{B43ED56E-D036-421C-AF29-092646C0E98F}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"TCP Query User{6FA9C4D4-F3CD-42A2-AEDC-12BF8533B716}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142
"UDP Query User{CCF1605D-E33E-453D-B80A-00EB058264E2}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142
"TCP Query User{319B875E-E8BF-42DD-9E79-CEB6237E78FF}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{17774CF2-ED6F-4EA9-9CE3-9DDC82A97D3E}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{789F0244-5348-4FE0-81CA-A2CCB477A914}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{F5DECE9A-78F2-4755-9484-294C2E9F8CD6}C:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:C:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"TCP Query User{E914028A-DD6F-4D44-A10A-13ABC3E7892D}C:\\program files\\ea games\\medal of honor pacific assault\\mohpa.exe"= UDP:C:\program files\ea games\medal of honor pacific assault\mohpa.exe:Medal of Honor Pacific Assault
"UDP Query User{7FE1E1F4-E640-4473-8318-26F76C311535}C:\\program files\\ea games\\medal of honor pacific assault\\mohpa.exe"= TCP:C:\program files\ea games\medal of honor pacific assault\mohpa.exe:Medal of Honor Pacific Assault
"TCP Query User{DE1392FF-523B-4734-B6AA-C23A09C67FF3}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{CE8156EE-4C28-45B4-85AB-8C5A828226E3}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{8974DAF6-15C2-443C-81AC-7576E9FD87BB}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{BC677363-1A3A-4F52-AA32-16BFA1B9A83C}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{5FC40756-12A8-4760-9344-C519572BF325}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{65849FA5-1568-4505-9535-196EDE7BF27F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{BD5EDE06-4686-4033-8B72-BBC0B5689DD4}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{257A2A26-0307-4782-9273-AF4A9E62D510}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{77143EED-2831-4DD7-86BC-4F01B7431BBA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{76185481-0709-496C-B542-E8A957A42119}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{43F41021-AEFE-48DE-B7BE-3A03E53D6FF9}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:SPEED2
"UDP Query User{680BFB71-3A3B-477D-B433-DBC3E2B56EDB}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:SPEED2
"TCP Query User{67FDFA8D-0707-493F-BEED-447B7EAE21BC}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{423D7EB8-56D7-4655-9B62-3F709A9292D6}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{EACEF7A6-C015-44FA-8EAA-1A6BCD7651E7}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F5F36DD8-E811-483A-84A9-16BB3DD855BE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{8B6E1E6A-938A-4E80-A941-1176A2AE06ED}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{A9D9810B-5F24-454F-80DF-CF4BBC0C59BD}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{F0213E3D-57BE-41F5-B701-C53CBE3EE7B7}C:\\program files\\activision value\\world series of poker toc\\wsoptoc.exe"= UDP:C:\program files\activision value\world series of poker toc\wsoptoc.exe:WSOPTOC
"UDP Query User{7986767A-2BC1-4FBC-B0BD-371B6C66C6AD}C:\\program files\\activision value\\world series of poker toc\\wsoptoc.exe"= TCP:C:\program files\activision value\world series of poker toc\wsoptoc.exe:WSOPTOC
"{F219062A-390D-4777-907E-C0A38D0A3290}"= UDP:C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin:LevelR
"{5D6B619F-8A90-43E8-8EC4-FF38E716276B}"= TCP:C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin:LevelR
"TCP Query User{DD85D45D-C2AB-4CA8-96A7-9AAB50D624AC}C:\\program files\\real\\realone player\\realplay.exe"= UDP:C:\program files\real\realone player\realplay.exe:RealPlayer
"UDP Query User{6044F4A2-DD11-4109-A443-3D63999A0667}C:\\program files\\real\\realone player\\realplay.exe"= TCP:C:\program files\real\realone player\realplay.exe:RealPlayer
"TCP Query User{5B54F778-4E88-43A2-BAE8-705911931AEA}C:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:C:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{E9E7BC7F-D7FF-4B43-AC27-72D7E20A1572}C:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:C:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"TCP Query User{5EFDEF61-6449-4A1E-9E36-89F8B0FE78C4}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{E5A7EB07-0284-4393-986D-A421B1A76EB5}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"{4D8CA647-A7E3-4E16-BCAA-563FF65BB6AB}"= UDP:C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.exe:Project Torque
"{FC6861FD-79D8-44D4-AC3B-011E1DB77DFD}"= TCP:C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.exe:Project Torque
"TCP Query User{86B462C1-1D15-4F78-BB71-A85D17C1FB76}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A0961D16-ADC3-4F1A-8BC9-8D422FB5544F}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{4A846E3C-377A-48F2-BCD5-50624C183D76}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{FFA1DD44-C006-4F87-B093-9381835BF5A5}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{57171072-0548-4DA5-9DF1-09587F5E34C8}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{1C20C67B-0D6D-4CF2-B784-5A7899B4AD03}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{AD373400-6CC8-46C6-8859-54F1D13E6B7C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{942B815C-41F9-45EF-A0F3-2B34A463CC75}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5DC4DCC5-BAAD-4288-B98A-1E01BE26947B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BE965CC6-1D3C-4E8D-8083-42B3FA4AD532}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{1BAA962F-E87B-477B-8361-5FFB6FD3FAFA}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= UDP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{DECC2F80-E086-4C01-B6FB-DAF577C4C844}C:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= TCP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{66EB304E-4C49-4A9C-B74B-35EB99274E1D}C:\\program files\\microsoft games\\halo server\\haloded.exe"= UDP:C:\program files\microsoft games\halo server\haloded.exe:Halo
"UDP Query User{946395C4-5A80-4E86-9F20-277685E1354E}C:\\program files\\microsoft games\\halo server\\haloded.exe"= TCP:C:\program files\microsoft games\halo server\haloded.exe:Halo
"{FED1E5D6-728A-4D42-B9DA-2F0F751659BF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{806A10FF-C94C-48E8-907E-FFDBA1CFFBC5}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{081DDAF7-3B1D-4CFC-A5B4-0459D79D6418}"= UDP:59682:utor1
"{DA5CAA2A-AF5A-4A18-B35A-5F6A3FAB59E3}"= TCP:59682:utor2
"{F7F9B471-8A23-46C9-86D7-36379F77810C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9CCC0380-DF7E-4794-938B-EF41FD0721E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{356BF28E-BCEE-414D-B884-7E426561B33E}J:\\storage\\rion's documents\\mirc\\scripts\\mako unlimited\\mirc.exe"= UDP:J:\storage\rion's documents\mirc\scripts\mako unlimited\mirc.exe:mIRC
"UDP Query User{28AF9C60-D46A-4FB1-BEDE-C8BD7206F72D}J:\\storage\\rion's documents\\mirc\\scripts\\mako unlimited\\mirc.exe"= TCP:J:\storage\rion's documents\mirc\scripts\mako unlimited\mirc.exe:mIRC
"TCP Query User{E37B1E31-CBC1-4EFA-A272-734F18460B47}C:\\users\\rion\\desktop\\mirc\\mako unlimited\\mirc.exe"= UDP:C:\users\rion\desktop\mirc\mako unlimited\mirc.exe:mirc.exe
"UDP Query User{C5CEE48E-3E2D-4105-95C4-DF81D9F09A24}C:\\users\\rion\\desktop\\mirc\\mako unlimited\\mirc.exe"= TCP:C:\users\rion\desktop\mirc\mako unlimited\mirc.exe:mirc.exe
"TCP Query User{5CF13511-F8DC-4B01-B35F-87D48A94C0A8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F6041952-51D4-4D66-9E9A-13B76CBD80DE}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8AF6748C-2520-4454-B911-290DE7F13DEE}C:\\program files\\ares ultra\\ares ultra.exe"= UDP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"UDP Query User{C9FC2096-CC1B-4B4D-8826-9369D46219E7}C:\\program files\\ares ultra\\ares ultra.exe"= TCP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"{0322623F-6F0B-451C-AFEF-A947FF650783}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A4FAAC73-E481-446A-9297-7C43702CD3DC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{786AB8F0-264E-4413-BA55-3F46F6835656}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary
"UDP Query User{E2768079-CAE5-40C2-ABD0-91FEB834A856}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary
"{4A5EBACE-3DC8-4855-A85D-99687179119B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{02B2D936-B559-480B-BAAD-00E2217329F4}C:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= UDP:C:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"UDP Query User{15FBD1D1-ED03-49EC-BE36-DE9EE8B7D2F3}C:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= TCP:C:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"TCP Query User{21E2DA68-4749-4050-B3D4-7DB4FD6A7AC3}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{B7C557A6-3A9F-4ACA-AB71-409A01C2236A}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"{03B85133-9309-4DE1-BF4E-07FC5738A0F8}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{FD5763F6-864C-4485-88CA-288CABB62943}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{A0822C29-7144-4216-92CC-938411282D7F}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{C35428DA-74D4-4982-8FC5-6D3AD79088CB}"= TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Groove Games\\LASR\\LASR.exe"= C:\Program Files\Groove Games\LASR\LASR.exe:*:Enabled:LASR
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 12:03]
R2 lxcz_device;lxcz_device;C:\Windows\system32\lxczcoms.exe [2007-02-08 18:50]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 19:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 18:49]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2006-12-21 10:00]
S2 NMSAccessU;NMSAccessU;C:\Users\Rion\AppData\Local\Temp\{74F93B7A-5FFE-4B01-9EAD-44FF2467B3C3}\NMSAccessU.exe []
S3 ICAM3NT5;Intel USB Video Camera III;C:\Windows\system32\Drivers\Icam3USB.sys [2000-08-08 00:55]
S3 MAC607;MAC607 Filter;C:\Windows\system32\DRIVERS\MAC607.sys [2007-06-25 01:35]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 PL-40R;CASIO USB MIDI;C:\Windows\system32\Drivers\pl40rwdm.sys [2004-10-01 02:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - M:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\Windows\Tasks\User_Feed_Synchronization-{A770F690-9522-4A97-B748-9D9016172653}.job - C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - ORPHANS REMOVED - - - -
BHO-{43F203E2-F8FD-4BD7-A0B2-75988D6EE012} - C:\Windows\system32\efCvvwUN.dll
BHO-{C32D9423-FE23-4890-82CF-2F3423F47046} - C:\Users\Rion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2PZNRXK\3077ahntdksr[1].dll
HKCU-Run-Aim6 - (no file)
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-SpyHunter - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
MSConfigStartUp-Microsoft Updates - svehost.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wowhead.com/
R0 -: HKLM-Main,Start Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5404
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-26 14:39:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_libmad.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\ESET\nod32krn.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
.
**************************************************************************
.
Completion time: 2008-07-26 14:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 19:50:20
Pre-Run: 34,023,215,104 bytes free
Post-Run: 33,439,498,240 bytes free
384 --- E O F --- 2008-07-25 18:28:51