أسـعــد الله أوقاتكم بكل خير
هذا تقريري اذا ممكن تفيدوني بالي فيه واكون شاكر لكم .
كود:
ComboFix 08-11-22.02 - user 11/24/2008 0:14:34.1 - NTFSx86
كود:
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.265 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
[COLOR=red][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\addon.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
C:\setup.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\klog.dat
c:\windows\system32\bifrost\server.exe
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 18:29 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-11-07 22:35 --------- d-----w c:\program files\PcMedik
2008-11-07 22:09 --------- d-----w c:\program files\ScanSpyware v3.8.0.4
2008-11-07 21:57 --------- d-----w c:\program files\Anti Tracks 3
2008-11-07 21:48 --------- d-----w c:\documents and settings\user\Application Data\Nero
2008-11-07 21:45 --------- d-----w c:\program files\Chabner Short
2008-11-07 21:40 --------- d-----w c:\program files\Smarty Uninstaller Pro
2008-11-07 21:30 --------- d-----w c:\program files\ESET
2008-11-07 21:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-07 21:16 --------- d-----w c:\program files\Symantec
2008-11-07 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-07 20:54 --------- d-----w c:\program files\Kaspersky Lab
2008-11-07 20:47 --------- d-----w c:\program files\Luxor
2008-11-05 22:22 --------- d-----w c:\program files\Common Files\Softwin
2008-11-05 20:00 --------- d-----w c:\program files\Acoustica Mixcraft
2008-11-05 19:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 19:20 --------- d-----w c:\documents and settings\user\Application Data\TuneUp Software
2008-11-05 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-05 19:15 --------- d-----w c:\program files\TweakNow RegCleaner Pro
2008-11-05 18:59 --------- d-----w c:\program files\Yahoo!
2008-11-05 18:58 --------- d-----w c:\program files\CyberLink
2008-11-05 18:57 --------- d-----w c:\program files\Nokia
2008-11-04 11:50 --------- d-----w c:\program files\Advanced Registry Optimizer
2008-11-04 09:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 03:22 --------- d-----w c:\program files\MSBuild
2008-10-31 03:17 --------- d-----w c:\program files\Reference Assemblies
2008-10-31 02:57 --------- d-----w c:\documents and settings\user\Application Data\DMCache
2008-10-26 08:44 --------- d-----w c:\program files\www.cproxy.com
2008-10-25 23:07 70,907 ----a-w C:\DD.EXE
2008-10-25 23:07 2,765,952 ----a-w C:\PROPELSETUP.EXE
2008-10-25 23:07 --------- d-----w c:\program files\Propel Accelerator
2008-10-25 12:29 --------- d-----w c:\documents and settings\user\Application Data\Yahoo!
2008-10-24 12:19 --------- d-----w c:\program files\SmartWAVConverter Pro
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 --------- d-----w c:\program files\All Video Sound Extractor
2008-10-21 07:50 --------- d-----w c:\documents and settings\user\Application Data\gramlink
2008-10-21 07:49 --------- d-----w c:\program files\MSN Messenger
2008-10-21 07:49 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-21 07:49 --------- d-----w c:\program files\gramlink
2008-10-21 07:49 --------- d-----w c:\program files\Circle Developement
2008-10-21 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\flag barb cake wipe
2008-10-15 06:35 --------- d-----w c:\program files\FairStars Audio Converter
2008-10-15 06:24 --------- d-----w c:\program files\RM to MP3 Converter
2008-10-14 08:53 --------- d-----w c:\program files\ZyDAS Technology Corporation
2008-10-14 08:52 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-10 02:14 --------- d-----w c:\documents and settings\user\Application Data\LimeWire
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-04-05 20:42 0 -c--a-w c:\program files\MultiTransefind.ini
2006-06-27 02:40 571,184 --sha-r c:\windows\system32\legitcheckcontrol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [03/27/2008 02:12 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5802008]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/30/2005 04:56 PM 1380352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"Proc browse"="c:\docume~1\user\APPLIC~1\gramlink\Aimaxis.exe" [10/21/2008 10:49 AM 569856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [06/26/2008 02:01 PM 181488]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [06/26/2008 02:01 PM 181488]
"[URL="http://www.cproxy.com"="c:\program"]www.cproxy.com"="c:\program[/URL] files\www.cproxy.com\CPROXY.exe" [04/22/2007 11:02 AM 1896448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM 2395328]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [11/21/2007 03:04 AM 218496]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [10/30/2007 01:06 PM 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [01/18/2008 06:13 PM 2247]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/07/2005 06:02 PM 163840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/07/2005 05:59 PM 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/07/2005 06:03 PM 196608]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/14/2008 03:12 AM 169984]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [12/13/2005 08:49 AM 290816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [05/06/2008 07:16 PM 255528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [06/29/2007 06:24 AM 364544]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 214416]
"Cake Wipe Inside Wma"="c:\documents and settings\All Users\Application Data\flag barb cake wipe\Ref Wipe.exe" [10/29/2008 10:00 PM 1088000]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [06/26/2008 02:01 PM 181488]
"RegDefrag"="c:\program files\TweakNow RegCleaner Pro\RegCleaner.exe" [09/20/2005 07:45 AM 1191936]
"BDSwitchAgent"="c:\program files\Softwin\BitDefender9\bdswitch.exe" [04/06/2005 02:09 PM 33280]
"BDNewsAgent"="c:\program files\Softwin\BitDefender9\bdnagent.exe" [06/09/2005 11:28 AM 9728]
"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [03/11/2005 06:53 PM 159744]
"BDMCon"="c:\program files\Softwin\BitDefender9\bdmcon.exe" [01/11/2006 06:32 PM 364544]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 03:12 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:12 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-10-14 487424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= -1 (0xffffffff)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= -1 (0xffffffff)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCurrentUserRun"= 1 (0x1)
"DisableCurrentUserRunOnce"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= -1 (0xffffffff)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 01/11/2008 10:16 PM 109424 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 03/01/2007 10:37 AM 2395328 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 03:12 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 06/29/2007 06:24 AM 364544 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/06/2008 07:16 PM 255528 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\FLAGBA~1\\REFWIP~1.EXE"=
"c:\\Program Files\\BrOnZ Patch Pro\\XoftSpySE\\XoftSpy.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13401:TCP"= 13401:TCP:PORT_13401
R2 BandLuxe_Service;BandLuxe Service;"c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe" -e [2008-06-03 87264]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\sfnljq.sys []
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [2008-09-03 100096]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-10-14 477696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{343fdf4a-5709-11dd-9d42-0012f0de08f0}]
\Shell\AUtoPlaY\coMManD - F:\nfbkpi.exe
\Shell\AutoRun\command - F:\nfbkpi.exe
\Shell\eXPloRe\COmManD - F:\nfbkpi.exe
\Shell\open\CoMmand - F:\nfbkpi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d69c6bc-e845-11dc-9bfc-0012f0de08f0}]
\ShelL\AutoplAy\CoMmANd - F:\ypdtc.exe
\ShelL\AutoRun\command - F:\ypdtc.exe
\ShelL\explore\coMmAnd - F:\ypdtc.exe
\ShelL\OPEn\command - F:\ypdtc.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7D7391F2-321A-27FE-0F09-3C20FB21A1F4}]
c:\documents and settings\user\Desktop\MsnCamHack.exe
.
s of the 'Scheduled Tasks' folder
2008-11-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []
2008-11-23 c:\windows\Tasks\AD2587FA918E3BF6.job
- c:\docume~1\user\applic~1\gramlink\cash more name.exe [10/21/2008 10:50 AM]
2008-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
2008-09-10 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [07/25/2008 05:55 PM]
2008-11-23 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe [03/20/2008 08:00 PM]
2008-11-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe [03/20/2008 08:00 PM]
.
- - - - ORPHANS REMOVED - - - -
BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Sound - c:\windows\system32\sound.exe
Notify-NavLogon - (no file)
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Zobrazit origin?l
IE: Zobrazit origin?l - c:\program files\[URL="http://www.cproxy.com\original.htm"]www.cproxy.com\original.htm[/URL]
IE: Zobrazit v?e jako origin?l
IE: Zobrazit v?e jako origin?l - c:\program files\[URL="http://www.cproxy.com\originalAll.htm"]www.cproxy.com\originalAll.htm[/URL]
O16 -: Microsoft XML Parser for Java - [URL]file:///C:/WINDOWS/Java/classes/xmldso.cab[/URL]
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://66.186.63.170/talk.cab
c:\windows\Downloaded Program Files\talk.inf
c:\windows\Downloaded Program Files\ReadUid.ocx - O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA}
hxxp://66.186.63.170/ReadUid.CAB
c:\windows\Downloaded Program Files\ReadUid.INF
c:\program files\LtUcx\1003\c0.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\IMCSec.dll
O16 -: {C171FF59-8C55-4796-A398-4F5D02B4C763}
hxxp://209.11.242.27/imscp/talks2.cab
c:\windows\Downloaded Program Files\talks.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL]http://www.gmer.net[/URL]
Rootkit scan 2008-11-24 00:18:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\sockspy.dll
c:\windows\system32\antiwpa.dll
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\sockspy.dll
.
Completion time: 11/24/2008 0:20:14
ComboFix-quarantined-files.txt 2008-11-23 21:19:18
Pre-Run: 5,009,305,600 bytes free
Post-Run: 5,036,060,672 bytes free
288 --- E O F --- 2008-11-18 00:04:10
