ComboFix 08-07-19.1 - gege 2008-07-20 21:40:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.559 [GMT 8:00]
Running from: C:\Documents and Settings\gege\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\gege\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\adionalcoo.ini
C:\WINDOWS\system32\hbqkimduly.dll
C:\WINDOWS\system32\nbrqpsuzyy.dll
C:\WINDOWS\system32\nbrqpsuzyy.fwd
C:\WINDOWS\system32\qlgrmecxizmar.dll
C:\WINDOWS\system32\reuraonfhn.dll
C:\WINDOWS\system32\uyoaninvve.dll
C:\WINDOWS\system32\uyoaninvve.fwd
C:\WINDOWS\system32\wsllvqlxwpqne.dll
C:\WINDOWS\system32\wsllvqlxwpqne.fwd
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\adionalcoo.ini
C:\WINDOWS\system32\hbqkimduly.dll
C:\WINDOWS\system32\nbrqpsuzyy.dll
C:\WINDOWS\system32\nbrqpsuzyy.fwd
C:\WINDOWS\system32\qlgrmecxizmar.dll
C:\WINDOWS\system32\reuraonfhn.dll
C:\WINDOWS\system32\uyoaninvve.dll
C:\WINDOWS\system32\uyoaninvve.fwd
C:\WINDOWS\system32\wsllvqlxwpqne.dll
C:\WINDOWS\system32\wsllvqlxwpqne.fwd
.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.
2008-07-20 09:33 . 2008-07-20 09:37 d-------- C:\Program Files\WinMerge
2008-07-19 21:15 . 2008-07-19 21:15 d-------- C:\Documents and Settings\gege\Application Data\Logitech
2008-07-19 21:15 . 2008-07-19 21:15 d-------- C:\Documents and Settings\gege\Application Data\Leadertech
2008-07-19 21:14 . 2008-07-19 21:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-19 21:13 . 2008-07-19 21:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-19 21:12 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-07-19 21:12 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-19 21:12 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-19 21:12 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-19 21:12 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-19 21:11 . 2008-07-19 21:11 d-------- C:\Program Files\Logitech
2008-07-19 21:11 . 2008-07-19 21:15 d-------- C:\Program Files\Common Files\Logishrd
2008-07-19 21:11 . 2008-07-19 21:16 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-19 21:10 . 2008-07-19 21:10 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-19 21:06 . 2008-04-14 01:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-19 21:06 . 2008-04-14 01:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-19 15:23 . 2008-07-19 15:23 97,229,648 --a------ C:\WINDOWS\system32\backnew.dll
2008-07-19 15:18 . 2008-07-19 15:18 dr-hs---- C:\WINDOWS\system32\drivers\NPF.SYS
2008-07-19 15:18 . 2008-07-10 10:41 898 --a------ C:\WINDOWS\system32\hosts
2008-07-19 15:17 . 2008-07-19 15:17 97,424,136 --a------ C:\WINDOWS\system32\backup.dll
2008-07-19 15:15 . 2008-07-19 15:15 15,723 --a------ C:\WINDOWS\system32\backupie.dll
2008-07-19 15:14 . 2008-07-19 15:14 d-------- C:\WINDOWS\system32\YingInstall
2008-07-19 15:14 . 2008-07-19 15:14 d-------- C:\WINDOWS\system32\hsrjInstall
2008-07-19 13:17 . 2008-07-19 13:17 d-------- C:\Program Files\Dropbox
2008-07-19 13:17 . 2008-07-20 16:25 d-------- C:\Documents and Settings\gege\Application Data\Dropbox
2008-07-19 12:48 . 2008-07-19 12:48 d-------- C:\Program Files\Canon
2008-07-19 12:18 . 2008-07-19 12:18 d-------- C:\Program Files\Trend Micro
2008-07-19 07:46 . 2008-07-19 07:46 226,816 --a------ C:\WINDOWS\system32\liwothtuch.dll
2008-07-18 16:42 . 2008-07-18 16:44 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-18 10:43 . 2008-07-18 10:46 d-------- C:\Program Files\Look@LAN
2008-07-18 10:43 . 2008-07-18 10:42 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-07-15 20:03 . 2008-07-15 20:04 d-------- C:\Program Files\Opera
2008-07-13 13:47 . 2008-07-13 13:47 d-------- C:\WINDOWS\system32\doc
2008-07-11 23:33 . 2008-07-11 23:33 d-------- C:\Documents and Settings\All Users\Application Data\Tencent
2008-07-11 23:32 . 2008-07-11 23:32 d-------- C:\Program Files\Tencent
2008-07-11 23:32 . 2008-07-11 23:32 d-------- C:\Documents and Settings\gege\Application Data\QQUpdate
2008-07-11 14:03 . 2008-07-11 14:03 d-------- C:\Program Files\Java
2008-07-11 14:03 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-11 14:02 . 2008-07-11 14:02 d-------- C:\Program Files\Common Files\Java
2008-07-10 10:51 . 2008-07-10 10:54 d-------- C:\Program Files\AutoCAD 2008
2008-07-10 10:51 . 2008-07-10 10:51 d-------- C:\Documents and Settings\gege\Application Data\Autodesk
2008-07-10 10:51 . 2008-07-10 10:55 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-10 10:44 . 2008-07-10 10:54 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-10 10:44 . 2008-07-10 10:44 d-------- C:\Program Files\Autodesk
2008-07-09 22:04 . 2008-07-09 22:12 d-------- C:\Program Files\Typing Test TQ
2008-07-09 21:53 . 2008-07-09 21:53 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-06 07:53 . 2008-07-06 07:53 d-------- C:\Documents and Settings\gege\Application Data\Doomi.809F847005C7832B69625A614BB25CA209244440.1
2008-07-06 07:42 . 2008-07-06 07:42 d-------- C:\Documents and Settings\gege\Application Data\PCF-VLC
2008-07-05 22:39 . 2008-07-16 15:17 d-------- C:\Program Files\Paint.NET
2008-07-05 21:44 . 2008-07-05 21:44 d-------- C:\Documents and Settings\gege\Application Data\Participatory Culture Foundation
2008-07-05 21:26 . 2008-07-05 21:26 d-------- C:\Program Files\IrfanView
2008-07-05 21:01 . 2008-07-18 15:55 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-05 21:01 . 2008-07-18 16:30 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-05 20:54 . 2008-07-05 20:54 d-------- C:\Documents and Settings\gege\Application Data\Auslogics
2008-07-05 18:45 . 2008-07-05 18:45 d-------- C:\Documents and Settings\gege\Application Data\Malwarebytes
2008-07-05 18:45 . 2008-07-05 18:45 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 21:57 . 2008-07-11 11:02 d-------- C:\Program Files\ruby
2008-07-03 00:41 . 2008-07-03 00:41 d-------- C:\Documents and Settings\gege\Application Data\gtk-2.0
2008-07-02 23:28 . 2008-07-02 23:28 d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-07-02 23:05 . 2008-05-16 00:51 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-07-02 23:05 . 2008-05-16 00:51 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
2008-07-02 23:05 . 2008-05-16 00:51 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-07-02 23:05 . 2008-05-16 00:51 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2008-07-02 23:05 . 2008-05-16 00:51 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-07-02 23:05 . 2008-05-16 00:52 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-07-02 23:05 . 2008-05-16 00:51 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-07-02 23:05 . 2008-05-16 00:51 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-07-02 23:05 . 2008-05-16 00:51 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-07-02 23:04 . 2008-05-16 00:52 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2008-07-02 23:02 . 2008-07-02 23:02 d-------- C:\Program Files\VMware
2008-07-02 23:02 . 2008-07-02 23:02 d-------- C:\Program Files\Common Files\VMware
2008-07-02 11:15 . 2008-07-02 22:52 d-------- C:\Program Files\Common Files\Adobe
2008-07-02 11:11 . 2008-07-02 11:11 d-------- C:\Documents and Settings\gege\Application Data\ABBYY
2008-07-01 21:43 . 2008-07-01 21:43 d-------- C:\Documents and Settings\gege\Application Data\Inkscape
2008-06-30 07:46 . 2008-07-12 09:01 d-------- C:\Documents and Settings\gege\Application Data\VMware
2008-06-30 07:42 . 2008-07-02 23:06 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-06-30 07:40 . 2008-07-02 23:05 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-06-26 22:07 . 2008-06-26 22:16 d-------- C:\Program Files\MySQL
2008-06-21 01:46 . 2008-06-21 01:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 01:46 . 2008-06-21 01:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:51 . 2008-06-20 19:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 19:40 . 2008-06-20 19:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 19:08 . 2008-06-20 19:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 13:38 --------- d-----w C:\Documents and Settings\gege\Application Data\Vidalia
2008-07-20 13:38 --------- d-----w C:\Documents and Settings\gege\Application Data\tor
2008-07-20 06:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-19 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 03:51 --------- d-----w C:\Program Files\Google
2008-07-18 06:20 --------- d-----w C:\Documents and Settings\gege\Application Data\MySQL
2008-07-17 23:50 --------- d-----w C:\Documents and Settings\gege\Application Data\uTorrent
2008-07-15 00:01 --------- d-----w C:\Documents and Settings\gege\Application Data\Babylon
2008-07-14 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-12 13:31 --------- d-----w C:\Documents and Settings\gege\Application Data\foobar2000
2008-07-11 15:28 --------- d-----w C:\Program Files\Microsoft Works
2008-07-04 15:18 --------- d-----w C:\Documents and Settings\gege\Application Data\XnView
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 06:42 --------- d-----w C:\Program Files\totalcmd
2008-06-19 14:29 --------- d-----w C:\Program Files\Babylon
2008-06-18 08:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-18 08:18 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-11 16:35 --------- d-----w C:\Program Files\foobar2000
2008-05-30 13:31 --------- d-----w C:\Documents and Settings\gege\Application Data\Apple Computer
2008-05-29 15:40 --------- d-----w C:\Program Files\clisp-2.45
2008-05-27 14:53 --------- d-----w C:\Program Files\iTunes
2008-05-27 14:53 --------- d-----w C:\Program Files\iPod
2008-05-27 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 14:52 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-27 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-26 05:40 --------- d-----w C:\Program Files\Picasa2
2008-05-23 15:18 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 15:32 219,696 ----a-w C:\WINDOWS\system32\vmnc.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 06:52 2,121,235 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-25 11:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 08:51 143360 --a------ C:\Program Files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 08:51 143360 --a------ C:\Program Files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 08:51 143360 --a------ C:\Program Files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"TaskSwitchXP"="E:\My Documents\PortApps\taskswitchxp\TaskSwitchXP.exe" [2006-08-05 02:29 62976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 19:01 135168]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 04:36 872448]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 09:27 1015808]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 15:03 40960]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 22:39 131072]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 19:00 131072]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 18:15 251376]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 18:06 1443072]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-06-19 18:45 3165920]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 22:00 88203 C:\WINDOWS\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HoeKey.lnk - E:\My Documents\PortApps\HoeKey\HoeKey.exe [2007-10-26 04:24:48 18944]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-06-22 10:17:54 274432]
Mouse and Keyboard Settings.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-19 22:31:51 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Ruby\\bin\\ruby.exe"=
"E:\\My Documents\\PortApps\\utorrent.exe"=
"E:\\My Documents\\PortApps\\eMule0.49a\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\clisp-2.45\\base\\lisp.exe"=
"C:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"C:\\Program Files\\Tencent\\TM\\TMDLLS\\TM.exe"=
"C:\\Program Files\\Look@LAN\\LookAtHost.exe"=
"C:\\Program Files\\Look@LAN\\LookAtLan.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 18:11]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 20:00]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe [2008-04-14 08:12]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 16:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ec2878a-2075-11dc-a002-0014a5bf997c}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 21:42:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ??@??????????????@? ????N??????(?@??????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-07-20 21:44:32
ComboFix-quarantined-files.txt 2008-07-20 13:43:38

Pre-Run: 4,443,295,744 bytes free
Post-Run: 4,432,138,240 bytes free

260 --- E O F --- 2008-06-20 12:56:49