

Virus Problem Assistance Requested


Name: Jennifer SUMN
Date: July 15, 2008 at 07:06:55 Pacific
OS: Xp
CPU/Ram: 701/256MB
Product: Compaq/Presario
Comment:

Could someone evaluate my Hijack This log, please? Thanks.

Life's more painless for the brainless.




Response Number 1
Name: btk1w1
Date: July 15, 2008 at 07:49:10 Pacific
Reply:

No worries Jennifer,

Post it and we'll see if anything can be identified.



Response Number 2
Name: Jennifer SUMN
Date: July 15, 2008 at 12:40:21 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:12 AM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\Crypt16.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Admin\cftmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Admin\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Pctspk - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\4707.tmp
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4337 bytes

Life's more painless for the brainless.



Response Number 3
Name: btk1w1
Date: July 15, 2008 at 18:40:33 Pacific
Reply:

Heya Jennifer,

There are a few nasty infections on this machine.

Included with the infections that HJT is showing is a password stealer and backdoor trojan which allow attackers remote access.

Please refrain from any further online financial activity, and if you have access to another uninfected PC, change all your online passwords as soon as you are able.

For extra precaution it is advisable that your important data be backed up to external media.

Go to Add / Remove programs in the control panel and if present remove ShopperReports.

If you already have Ccleaner or ATF cleaner installed run it to clean the cache and temporary files.

Download SDFix to your desktop.

Click here to download SDFix by Andy Manchesta

Double click SDFix.exe on your desktop and it will extract the files to the root directory where your operating system resides.

Next boot your pc into "Safe mode" using the f8 key during start-up.

Please do not use the msconfig method when booting into "Safe Mode" for malware removal, as this can cause a boot loop.

1) Open the extracted SDFix folder and double click RunThis to start the script. This can be found in the root directory usually C:\SDFix.

2) Type Y to begin the cleanup process.

3) It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

4) Press any Key and it will restart the PC.

5) When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.

6) Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

7) Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.


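As an added example (not code from this thread or from any tool mentioned in it), here is a small Python first pass over HJT log lines that encodes the checks btk1w1 applied above: extra programs on the UserInit line, Run entries and services whose program sits in a Temp folder, a user profile root or the drivers folder, names that mimic Windows processes, and orphaned "(no file)" entries. The lookalike list and the path heuristics are assumptions; the sample log is constructed from the entries posted in Response Number 2.

```python
import re
from os.path import basename

# Added example, not code from this thread: a first pass over HijackThis (HJT)
# log lines using the checks btk1w1 applied above. A hit means "look closer".
LOOKALIKES = {"spools.exe": "spoolsv.exe", "cftmon.exe": "ctfmon.exe"}  # constructed
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)  # \Temp\ or \LOCALS~1\Temp\
PROFILE_ROOT = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe$", re.I)
DRIVERS_EXE = re.compile(r"\\drivers\\[^\\]+\.exe$", re.IGNORECASE)

def path_reasons(path):
    """Reasons a program path in a Run key or service entry looks wrong."""
    reasons = []
    name = basename(path.replace("\\", "/")).lower()
    if name in LOOKALIKES:
        reasons.append("name mimics " + LOOKALIKES[name])
    if TEMP_DIR.search(path) or path.lower().endswith(".tmp"):
        reasons.append("runs from a Temp directory / .tmp file")
    if PROFILE_ROOT.match(path):
        reasons.append("executable dropped in a user profile root")
    if DRIVERS_EXE.search(path):
        reasons.append(".exe inside the drivers folder")
    return reasons

def triage_line(line):
    """Return (section, reason) when an HJT entry deserves review, else None."""
    line = line.strip()
    section = line.split(" - ", 1)[0]
    if section == "F2" and "UserInit=" in line:
        # UserInit should hold only userinit.exe; anything after it runs at
        # every interactive logon.
        value = line.split("UserInit=", 1)[1]
        extras = [p for p in value.split(",")
                  if p and not p.lower().endswith("\\userinit.exe")]
        if extras:
            return (section, "extra UserInit programs: " + ", ".join(extras))
    elif section == "O4":
        # O4 - HKLM\..\Run: [name] "C:\path\prog.exe" (User 'SYSTEM')
        m = re.search(r"\] (.+?)(?: \(User '.*'\))?$", line)
        reasons = path_reasons(m.group(1).strip('"')) if m else []
        if reasons:
            return (section, "; ".join(reasons))
    elif section == "O23":  # O23 - Service: name - owner - C:\path\svc.exe
        reasons = path_reasons(line.rsplit(" - ", 1)[1])
        if reasons:
            return (section, "; ".join(reasons))
    elif section in ("O2", "O3") and ("(no file)" in line or "(file missing)" in line):
        return (section, "orphaned entry, file is gone (clean-up only)")
    return None

def triage(log_text):
    """Apply triage_line to every line; returns [(section, reason, line)]."""
    hits = []
    for line in log_text.splitlines():
        result = triage_line(line) if line.strip() else None
        if result:
            hits.append(result + (line.strip(),))
    return hits

# Constructed sample made from HJT entries posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\Crypt16.exe,
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Admin\cftmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\4707.tmp
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print("%-4s %-62s %s" % (section, reason, entry))
```

The legitimate Symantec and ccApp entries produce no hit, while the UserInit extras, the spools.exe/cftmon.exe lookalikes, the service running from Temp and the orphaned toolbar are all reported with a reason.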

Response Number 4
Name: Jennifer SUMN
Date: July 15, 2008 at 20:20:34 Pacific
Reply:

Thanks for the help. I won't have physical access to the machine until Thursday, but I'll follow your recommendations.

Life's more painless for the brainless.



Response Number 5
Name: Jennifer SUMN
Date: July 17, 2008 at 06:55:56 Pacific
Reply:

K. report from SDscan:

removing so the thread isn't so long
Life's more painless for the brainless.






Response Number 6
Name: btk1w1
Date: July 18, 2008 at 21:25:28 Pacific
Reply:

Heya Jennifer,

Apologies for my tardy response.

The HJT log is looking a lot better, but there are still a couple of entries that need to be taken care of.

Open HJT and click on "Do a system scan only", navigate and put a check mark next to the entries shown in red below.

O2 - BHO: (no name) - {5D4CEB56-BDCF-4003-AE98-025FCE8569EE} - C:\WINDOWS\system32\qoMeBrqr.dll (file missing)

O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab

O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\4707.tmp (file missing)

Be sure to mark the correct entries as HJT does repairs at the registry level and an incorrect selection can cause serious damage to the operating system.

Close all open windows (including this one), except for HJT, and select "Fix Checked".

Download Malware Bytes AntiMalware (MBAM) to your desktop.

Click here to start MBAM download

Once downloaded close all windows (including this one) and double click the file on your desktop Download_mbam-setup.exe

During the installation leave the options to Launch and Update checked.

When the installation has finished MBAM will open, perform the complete scan.

Remove everything it finds.

When the program has finished a notepad document will open, please copy / paste its contents in your next reply.

BitDefender Online Scanner

Using Internet Explorer go to the link below

Avoid other online activity and deactivate your AV program and any real-time monitoring for the duration of the scan.

Click here to go to BitDefender Online Scanner

When prompted install the activex control.

Click on the "Scan" button when ready.

Please be patient as the process can take a while.

Once the scan has completed click on the "Detected Problems" tab.

Click on the "Click here to export scan" button.

Save the file as an "HTML" document to your desktop.

When you are ready to paste the results back here double click the HTML document you saved to the desktop earlier. Click on "Edit" > "Select all" then right click copy / paste the information back here.

Can you reboot the pc and post another HJT log please.

Logs:
MBAM
BitDefender
HJT



Response Number 7
Name: Jennifer SUMN
Date: July 19, 2008 at 05:58:42 Pacific
Reply:

Thanks so much for the help. I meant to post again yesterday. Symantec was continually catching two items as being infected: socket.dll and ws2_32.dll. I tried Killbox, Unlocker, and Move on Boot, and couldn't get rid of those.

I can't access the web with the problem machine. Any other suggestions as far as running a scan?

Thanks again so much!!

Life's more painless for the brainless.



Response Number 8
Name: Jennifer SUMN
Date: July 22, 2008 at 08:14:56 Pacific
Reply:

Here's the requested log:

removing so the thread isn't so long

Life's more painless for the brainless.



Response Number 9
Name: btk1w1
Date: July 22, 2008 at 08:39:50 Pacific
Reply:

Heya Jennifer,

You didn't select removal by MBAM.

Can you run the scan and remove all it finds... there's a bit of malware there.

After you run MBAM (please remove all it finds before you continue), follow the steps below for Combofix.

Download Combofix to your desktop.

Note: It is important that it is saved directly to your desktop.

Click here to download Combofix by sUBs

Close any open browsers and windows except for Combofix.

Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick Combofix's window while it's running, as it can cause the program to freeze/hang.

In some cases your Antivirus or other realtime scanner will display an alert after you download Combofix or while you use Combofix; please disable your scanners, delete the copy off the desktop and download Combofix again.
Some scanners may see some Combofix related components as suspicious and block or delete them. There's nothing wrong with Combofix; heuristic detection can report this false positive because of Combofix's removal technique.



Response Number 10
Name: Jennifer SUMN
Date: July 22, 2008 at 11:17:35 Pacific
Reply:

I did delete all detected...after I posted the log. :)


Life's more painless for the brainless.



Response Number 11
Name: Jennifer SUMN
Date: July 22, 2008 at 12:01:45 Pacific
Reply:

K. Here we go:

Edited to shorten thread


Life's more painless for the brainless.



Response Number 12
Name: btk1w1
Date: July 23, 2008 at 23:52:12 Pacific
Reply:

Heya Jennifer,

Again apologies for the late response, my ISP has shaped my connection to slower than dial-up and at the moment any online activity is painfully slow.

I am currently researching your CF log.

A couple of questions,

When did the internet connectivity on this machine fail? At what point during the cleaning process? If it was after the HJT fix we will need to restore the changes and move on with the Combofix repair.

Have you submitted the two files that are being continually flagged by your AV program for an online scan?

If not, can you run them through Jotti? Just copy and paste the address of each into the box at the top of the page. They will have to be submitted one at a time. There are a couple of other questionable entries I would like you to submit also.

Click here to go to Jotti Online Malware Scanner

Click on the browse button at the top of the page and navigate to each of the files one at a time and submit. Or copy and paste the text below (one line at a time) into the box.

C:\WINDOWS\system32\sockets.dll

C:\WINDOWS\system32\ws2_32.dll

C:\WINDOWS\system32\cisvc.exe.tmp

C:\WINDOWS\system32\1112.dat

I have the fix prepared but I will first need to see the result of the file scans.



Response Number 13
Name: Jennifer SUMN
Date: July 24, 2008 at 07:12:48 Pacific
Reply:

The machine didn't lose network connectivity as far as I know. For security reasons, I can't connect it to the network here.

I wasn't aware I could submit the files for an online scan, so I've done that now on the link you provided. I was unable to copy the ws2_32.dll; I received an access denied error.

Now what do I do? :)

Life's more painless for the brainless.



Response Number 14
Name: btk1w1
Date: July 24, 2008 at 19:48:23 Pacific
Reply:

What were the results for the other files you submitted?

Their removal is included in the next fix, and I don't want legitimate files deleted so I will need to remove them if they are ok.

ws2_32.dll is a legitimate file that can become infected; I am excluding it in the fix for now. We will need to run an online scan to check its validity shortly.

Can you let me know the results of the other 3 files.



Response Number 15
Name: Jennifer SUMN
Date: July 25, 2008 at 04:25:21 Pacific
Reply:

I'm sorry. This is the first time I've done this, and it wasn't clear to me that you needed me to post the results of the scan. I guess I thought that was your site and you could view the info! :)

cisvc.exe.tmp - found the following:

AntiVir - TR/Crypt.XPACK.Gen
Avast - Win32.Trojan-gen {Other}
Ikarus - Trojan.crypt.XPACK
Sophos Antivirus - Mal/EncPk-DB


Nothing found on the other two.

Life's more painless for the brainless.



Response Number 16
Name: btk1w1
Date: July 30, 2008 at 23:18:57 Pacific
Reply:

Sorry for the long delay,

I've been reviewing your log in bite size chunks due to the speed of my internet at the moment.

Can you disable any real-time protection.

Open Notepad. Don't use any text editor other than Notepad or the script will fail.

Copy/paste the bold blue text below into Notepad (NOTE: File:: must be at the very top of the document):

File::
C:\36.tmp
C:\35.tmp
C:\34.tmp
C:\33.tmp
C:\WINDOWS\VPC32.INI

Save this as a text file with the name CFScript. Select "All files" from Save as Type. Save to the desktop.

Now click and drag the CFScript file onto the combofix icon on your desktop.

Can you post the log it produces please.

The sockets.dll and ws2_32.dll that appeared on the Combofix log in the system32 folder appear to be legitimate files. I'm not sure why they are being flagged by Symantec.

If you still get alerts from Symantec regarding these files, you can copy these files off an XP cd, or download them and place them on the desktop of the infected pc.

Boot the infected pc into safe mode (use the F8 method to do this, avoid using msconfig), navigate to the system32 folder and rename the existing sockets.dll and ws2_32.dll to sockets.dll.old and ws2_32.dll.old, then place the two new ones from the desktop into the system32 folder.

Reboot the pc and see if Symantec continues to flag these files.



Response Number 17
Name: Jennifer SUMN
Date: July 31, 2008 at 09:10:24 Pacific
Reply:

K. Here's the new log:

ComboFix 08-07-21.2 - Admin 2008-07-31 12:03:56.3 - NTFSx86
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\33.tmp
C:\34.tmp
C:\35.tmp
C:\36.tmp
C:\WINDOWS\VPC32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\33.tmp
C:\34.tmp
C:\35.tmp
C:\36.tmp
C:\WINDOWS\VPC32.INI

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-23 12:45 . 2008-07-23 12:45 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-07-22 10:04 . 2008-07-22 10:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:04 . 2008-07-22 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 10:04 . 2008-07-22 10:04 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-07-22 10:04 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 10:04 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 13:09 . 2008-07-18 13:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-18 10:46 . 2008-07-18 10:46 <DIR> d-------- C:\Program Files\GiPo@Utilities
2008-07-18 10:45 . 2008-07-18 10:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-18 08:10 . 2008-07-18 11:09 <DIR> d-------- C:\Program Files\Unlocker
2008-07-17 09:23 . 2008-07-17 09:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-17 09:21 . 2008-07-17 13:56 <DIR> d-------- C:\SDFix
2008-07-17 09:20 . 2008-07-23 12:38 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 09:20 . 2008-07-17 09:21 <DIR> d-------- C:\Program Files\CCleaner
2008-07-17 09:19 . 2008-07-17 09:19 <DIR> d-------- C:\temp
2008-07-17 09:19 . 2008-07-17 09:10 2,919,360 --a------ C:\temp\ccsetup209.exe
2008-07-17 09:19 . 2008-07-17 09:03 1,442,142 --a------ C:\temp\SDFix.exe
2008-07-15 10:04 . 2008-07-15 10:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 08:15 . 2008-07-15 08:15 <DIR> d-------- C:\Documents and Settings\jns7
2008-07-15 08:15 . 2001-08-17 22:36 86,016 --a------ C:\WINDOWS\system32\pctspk.exe
2008-07-15 08:15 . 2001-08-17 22:36 86,016 --a--c--- C:\WINDOWS\system32\dllcache\pctspk.exe
2008-07-15 08:05 . 2008-07-15 08:05 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\U3
2008-06-15 16:37 . 2008-06-15 16:37 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-15 16:37 . 2008-06-15 16:37 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-15 16:37 . 2008-06-15 16:37 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-15 16:37 . 2008-06-15 16:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-15 16:36 . 2008-06-15 16:37 <DIR> d-------- C:\Program Files\Symantec
2008-06-15 16:35 . 2008-06-15 16:40 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-15 16:35 . 2008-06-15 16:39 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-15 16:35 . 2008-06-15 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-15 16:33 . 2008-06-15 16:34 <DIR> d-------- C:\SAV1017win32
2008-06-10 19:55 . 2008-07-17 09:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 17:46 . 2008-06-05 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 17:46 . 2008-06-05 16:29 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 12:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 19:51 10,240 ----a-w C:\WINDOWS\system32\netdde.exe
2008-06-09 19:49 10,240 ----a-w C:\WINDOWS\system32\msdtc.exe
2008-06-09 19:49 10,240 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
2008-06-05 20:29 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll
2004-08-04 12:00 4,096 --sha-w C:\WINDOWS\system32\1112.dat
.

------- Sigcheck -------

2008-06-05 16:29 82944 b293ce7870755d71062eb064bf153576 C:\WINDOWS\system32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 20:48 125368]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-11-21 12:56:01 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-16 21:34]
R2 Pctspk;Pctspk;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 09:28]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 22:09]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-16 21:34]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-16 21:34]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\SSNDIS5.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cac2bef-b0a9-11dc-8d9f-0030bdb9a4c6}]
\Shell\AutoRun\command - D:\LACIEDVD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 12:07:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasMan]
"ImagePath"="C:\DOCUME~1\Admin\LOCALS~1\Temp\4707.tmp"
.
Completion time: 2008-07-31 12:10:40
ComboFix-quarantined-files.txt 2008-07-31 16:10:24
ComboFix2.txt 2008-07-23 11:33:47
ComboFix3.txt 2008-07-22 19:02:00

Pre-Run: 12,919,062,528 bytes free
Post-Run: 12,908,052,480 bytes free

124

Life's more painless for the brainless.


