hacktool.rootkit / backdoor.generic2.ppu issue

tanggeng
Re: hacktool.rootkit / backdoor.generic2.ppu issue

#8
Apr 20th, 2006
Got rid of the baidu folder under safe mode.

Performed all the above instructions.

Adware and Spy Sweeper both cannot remove the cnsmin thing.

Also, I get a CnsHook.dll error on ewido anti-malware almost every single time I perform an action on my machine.

Below are the HJT and Spy Sweeper Logs. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 21:32:49, on 2006-4-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

********
20:48: | Start of Session, April 20, 2006 |
20:48: Spy Sweeper started
20:48: Sweep initiated using definitions version 662
20:48: Starting Memory Sweep
20:48: Found Adware: cnsmin
20:48: Detected running threat: C:\WINDOWS\downlo~1\CnsHook.dll (ID = 53247)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll (ID = 53267)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnsio.dll (ID = 192138)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsHook.dll (ID = 53247)
20:50: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnshint.dll (ID = 239052)
20:50: Memory Sweep Complete, Elapsed Time: 00:02:59
20:50: Starting Registry Sweep
20:51: HKCR\adkiller.adkillerobj\ (5 subtraces) (ID = 106148)
20:51: HKCR\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106158)
20:51: HKCR\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106159)
20:51: HKCR\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106162)
20:51: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
20:51: HKCR\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 106166)
20:51: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
20:51: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
20:51: HKLM\software\classes\adkiller.adkillerobj\ (5 subtraces) (ID = 106184)
20:51: HKLM\software\classes\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106189)
20:51: HKLM\software\classes\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106190)
20:51: HKLM\software\classes\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106192)
20:51: HKLM\software\classes\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106206)
20:51: HKLM\software\classes\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106209)
20:51: HKLM\software\cnnic\ (ID = 106210)
20:51: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (40 subtraces) (ID = 106213)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
20:51: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
20:51: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
20:51: HKCR\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106261)
20:51: HKCR\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106266)
20:51: HKLM\software\3721\ (4 subtraces) (ID = 872107)
20:51: HKLM\software\3721\cnsmin\ (3 subtraces) (ID = 872108)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\security\ (1 subtraces) (ID = 872152)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ (3 subtraces) (ID = 872154)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
20:51: HKCR\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973025)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973117)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\1.0\ (8 subtraces) (ID = 973118)
20:51: HKCR\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018466)
20:51: HKCR\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018486)
20:51: HKCR\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018492)
20:51: HKLM\software\classes\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018635)
20:51: HKLM\software\classes\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018655)
20:51: HKLM\software\classes\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018661)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || count (ID = 1018678)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || nextinstance (ID = 1018679)
20:51: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
20:51: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
20:51: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
20:51: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
20:51: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || 0 (ID = 1047525)
20:51: HKLM\system\currentcontrolset\enum\root\legacy_cnsminkp\ (10 subtraces) (ID = 1147491)
20:51: HKLM\software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 1240267)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\3721\ (5 subtraces) (ID = 106182)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsautoupdate (ID = 106221)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsenable (ID = 106222)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnslist (ID = 106224)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsmenu (ID = 106225)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
20:51: Registry Sweep Complete, Elapsed Time:00:00:11
20:51: Starting Cookie Sweep
20:51: Found Spy Cookie: adjuggler cookie
20:51: geng@rotator.adjuggler[1].txt (ID = 2071)
20:51: Found Spy Cookie: myaffiliateprogram.com cookie
20:51: geng@www.myaffiliateprogram[2].txt (ID = 3032)
20:51: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:51: Starting File Sweep
20:51: c:\windows\downloaded program files\3721 (3 subtraces) (ID = -2147469211)
20:51: c:\program files\3721 (1 subtraces) (ID = -2147481237)
20:51: cnsminio.dll (ID = 53267)
20:51: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.exe". The system cannot find the path specified
20:51: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.ilg". The system cannot find the path specified
20:51: cnshook.dll (ID = 53247)
20:51: cns1.exe (ID = 53246)
20:51: cnsmindt.dll (ID = 53261)
20:53: cnsminex.cab (ID = 53262)
20:53: cns.exe (ID = 53246)
20:53: cnsio.dll (ID = 192138)
20:54: Warning: Failed to open file "c:\documents and settings\geng\recent\¤y¤o§? - °?¤@.lnk". The filename, directory name, or volume label syntax is incorrect
20:56: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.cat". The system cannot find the file specified
20:56: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
20:57: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.hdr". The system cannot find the path specified
20:57: cns.dll (ID = 53245)
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.exe". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.policy". The system cannot find the file specified
20:59: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
21:00: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.policy". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\_setup.dll". The system cannot find the path specified
21:05: cnsmindt.cab (ID = 53260)
21:05: cnsminex.dll (ID = 53263)
21:06: cnshint.dll (ID = 239052)
21:06: cns02.dat (ID = 180455)
21:06: cnsmin.dll (ID = 53251)
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.hdr". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.hdr". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.exe". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.inx". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.exe". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
21:12: cnsminex.ini (ID = 53264)
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.exe". The system cannot find the path specified
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.cab". The system cannot find the path specified
21:14: cnsmincg.ini (ID = 53257)
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.exe". The system cannot find the path specified
21:19: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.inx". The system cannot find the path specified
21:20: cnsmin.ini (ID = 53255)
21:21: File Sweep Complete, Elapsed Time: 00:30:22
21:21: Full Sweep has completed. Elapsed time 00:33:37
21:21: Traces Found: 436
21:21: Removal process initiated
21:24: Quarantining All Traces: cnsmin
21:24: cnsmin is in use. It will be removed on reboot.
21:24: c:\program files\3721 is in use. It will be removed on reboot.
21:24: cnsminio.dll is in use. It will be removed on reboot.
21:24: cnsio.dll is in use. It will be removed on reboot.
21:24: cnshint.dll is in use. It will be removed on reboot.
21:24: clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\security\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\enum\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\curver\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\clsid\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: Quarantining All Traces: adjuggler cookie
21:24: Quarantining All Traces: myaffiliateprogram.com cookie
21:24: Warning: Launched explorer.exe
21:24: Warning: Quarantine process could not restart Explorer.
21:24: Preparing to restart your computer. Please wait...
21:24: Removal process completed. Elapsed time 00:02:47
21:28: Processing Startup Alerts
21:28: Allowed Startup entry: ibmmessages
********
20:46: | Start of Session, April 20, 2006 |
20:46: Spy Sweeper started
20:47: Your spyware definitions have been updated.
20:47: Updating spyware definitions
20:47: Your definitions are up to date.
20:48: | End of Session, April 20, 2006 |
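The two logs in the post above are what a helper actually has to read, and the interesting lines are easy to miss among the ThinkPad and Symantec noise. The script below is an added example written for this page, not code from the forum post, from HijackThis or from Webroot. It pulls out the HJT entries worth a look using a few heuristics that are the editor's own assumptions (code living in IE's Downloaded Program Files cache, Run keys that start a DLL through rundll32 from that cache, third-party O11 option groups, "(file missing)" orphans), then cross-references the O2/O18 CLSIDs against the Spy Sweeper registry traces and lists what Spy Sweeper deferred to reboot. The sample inputs are constructed by copying a handful of lines from the post's two logs.

```python
"""Triage helpers for a HijackThis 1.99 log and a Spy Sweeper session log.

Added example by the editor, not code from the forum post or from either tool.
The heuristics are assumptions chosen to match the CnsMin/3721 entries in the
logs above; they are not a malware signature database.
"""
import re

# Constructed sample: lines copied from the HijackThis log in the post above,
# trimmed to the ones the heuristics react to, plus benign controls.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O11 - Options group: [!CNS] Chinese keywords
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Constructed sample: lines copied from the Spy Sweeper log in the post above.
SAMPLE_SWEEPER = r"""
20:51: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
21:24: cnshint.dll is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# IE's ActiveX download cache, in long and 8.3 form (the log shows both).
DPF_DIR = re.compile(r"\\(?:downloaded program files|downlo~1)\\", re.I)
RUNDLL = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
IN_USE = re.compile(r"^\d\d:\d\d: (?:HKLM: )?(.+?) is in use\. It will be removed on reboot\.$")


def triage_hjt(log_text):
    """Return [(kind, line, [reasons])] for HJT lines that deserve a look."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        reasons = []
        if kind in ("O2", "O4") and DPF_DIR.search(body):
            reasons.append("code loaded from IE's Downloaded Program Files cache")
        if kind == "O4" and RUNDLL.search(body) and DPF_DIR.search(body):
            reasons.append("Run key uses rundll32 to start a DLL from that cache")
        if kind == "O11":
            reasons.append("third-party IE Advanced Options group; check HKLM\\...\\AdvancedOptions")
        if "(file missing)" in body:
            reasons.append("orphaned entry: the referenced file is gone")
        if reasons:
            findings.append((kind, raw.strip(), reasons))
    return findings


def correlate_clsids(hjt_text, sweeper_text):
    """Map each CLSID on an HJT O2/O18 line to the Spy Sweeper traces that name it.

    A CLSID registered both as a Browser Helper Object and under ShellExecuteHooks
    is loaded into every IE and Explorer process, which is why the sweeper can
    only schedule it for removal on reboot.
    """
    hits = {}
    sweeper_lines = [s.strip() for s in sweeper_text.splitlines()]
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m or m.group(1) not in ("O2", "O18"):
            continue
        for clsid in CLSID.findall(m.group(2)):
            key = clsid.upper()
            refs = [s for s in sweeper_lines if key.lower() in s.lower()]
            if refs:
                hits[key] = refs
    return hits


def pending_reboot_removals(sweeper_text):
    """List the files and registry keys Spy Sweeper could not remove while running."""
    return [m.group(1) for m in (IN_USE.match(s.strip()) for s in sweeper_text.splitlines()) if m]


if __name__ == "__main__":
    for kind, line, reasons in triage_hjt(SAMPLE_HJT):
        print(f"{kind}: {line}\n    - " + "\n    - ".join(reasons))
    for clsid, refs in correlate_clsids(SAMPLE_HJT, SAMPLE_SWEEPER).items():
        print(f"{clsid} referenced by {len(refs)} Spy Sweeper trace(s)")
    print("pending on reboot:", pending_reboot_removals(SAMPLE_SWEEPER))
```

Run against the full logs, the CLSID correlation ties the O2 BHO line to the ShellExecuteHooks trace and to the `cnsminkp` service key, and the pending-reboot list shows every CnsMin file and COM registration still held open at sweep time. That is the practical reason a user-mode scanner keeps reporting the component after each pass: the O4 entry reloads CnsMin.dll at every logon, and the shell hook keeps the DLL mapped into Explorer, so cleanup has to happen before those load (the safe-mode step the poster already took) or be finished by the scanner's own reboot-time removal.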