I'm using Windows XP. When run with symantec, I have a hacktool.rootkit message that repeatedly comes up and asks for reboot, which does not fix the issue. When run with AVG, the error turns in to backdoor.generic2.ppu of which AVG cannot fix either. Below is the log from my HJT run. Please give some suggestions. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 17:13:41, on 2006-4-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 百度超级�霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义�� - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信��该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精�下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {83DFBFF3-1455-4538-8036-39D2057787DF} - C:\WINDOWS\gsSecurity1.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

HI, please run HJT again and select Do system scan only.

Then check these items.


O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll

O3 - Toolbar: 百度超级�霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll

O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32

O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe

O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe

O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 添加到QQ自定义�� - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ彩信��该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用比特精�下载(&B) - C:\Program Files\BitSpirit\bsurl.htm

O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll

O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll

O18 - Filter: text/html - {83DFBFF3-1455-4538-8036-39D2057787DF} - C:\WINDOWS\gsSecurity1.dll



Then click Fix Checked

---------------------------------------------------------------

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Now Start killbox Copy the list of files below to the clipboard by selecting all of them with your mouse (Left click the start of the list and drag the mouse to the bottom of the list) and when they are all selected ( highlighted in blue) right click on any part of the blue area and say copy

In the Killbox, Go to the toolbar press file and select Paste from clipboard. The first file name will appear in the window and if the file exists it will appear in blue under that window then select standard file kill, press the red X button, say yes to the prompt and once the file deleted message comes up then press the red X again and continue to press untill the last file on the list appears in the window & it says deleted.

File list:

If any give you an deletion error, just take not of which it was then skip it...

Then please delete the folloqing folder.

C:\Program Files\Tencent\QQ\

Then empty recycle bin

-------------------------------------------------------
Then download ewido (www.ewido.net). Install. Update. Scan. (Save the log).

Post a new HJT log, and ewido log

Followed all the procedures. Semantec seems to be no longer giving the error, but AVG still gives a "While opening file: C:\WINDOWS\system32\drivers\BDGuard.SYS Trojan horse BackDoor.Generic2.PPU" virus detection error. Still will not fix.

Runs from HJT and Killbox are below. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 23:46:55, on 2006-4-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 百度超级�霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 用比特精�下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe



Pocket Killbox version 2.0.0.532
Running on Windows XP as geng(Administrator)
was started @ Wednesday, April 19, 2006, 7:47 PM

# 1 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\QQ.exe
*This file does not seem to exist

# 2 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\QQ.exe
*File Was Deleted

# 3 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\AddToNetDisk.htm
*File Was Deleted

# 4 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\AddPanel.htm
*File Was Deleted

# 5 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\AddEmotion.htm
*File Was Deleted

# 6 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\SendMMS.htm
*File Was Deleted

# 7 [Files to Delete]
Path = C:\Program Files\BitSpirit\bsurl.htm
*File Was Deleted

# 8 [Files to Delete]
Path = C:\WINDOWS\system32\mbprot.dll
*File Was Deleted

# 9 [Files to Delete]
Path = C:\WINDOWS\gsSecurity1.dll
*This File could not be Deleted

# 10 [Files to Delete]
Path = C:\WINDOWS\gsSecurity1.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 7:49:13 PM
__________________________________________________

Pocket Killbox version 2.0.0.532
Running on Windows XP as geng(Administrator)
was started @ Wednesday, April 19, 2006, 7:54 PM

# 1 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\qdshm.dll
*File Was Deleted

# 2 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\QQIEHelper.dll
*This File could not be Deleted

# 3 [Files to Delete]
Path = C:\Program Files\Tencent\QQ
*This File could not be Deleted

# 4 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\TIMProxy.dll
*File Was Deleted

# 5 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\TIMPlatform.exe
*File Was Deleted

# 6 [Files to Delete]
Path = C:\Program Files\Tencent\QQ\QQIEHelper.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 7:58:29 PM
__________________________________________________

Alrite, we'll try this one more time. Fix the following:

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 百度超级�霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O8 - Extra context menu item: 用比特精�下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.ht...s&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.ht...=cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.ht...cns&btn=yassist (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.ht...ns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.ht...=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.ht...=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.ht...e=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.ht...e=cns&btn=clean (file missing)

After fixing these, reboot into safe mode and delete the following folders:

C:\Program Files\baidu
C:\Program Files\BitSpirit

After doing this, search Windows for any of teh following and delete any entries:

CnsHook.dll
CnsMin.dll

After doing this, post back with a new log.

Thanks.

I performed all the actions, except I couldn't delete the

C:\Program Files\baidu

program. I tried to delete it using killbox, but it couldn't delete it. When trying to delete manually, the files regenerate themselves immediately when I revisit the fold.

When run under symantec I'm still getting the hacktool.rootkit error of which it cannot get ride of; when run under AVG there is still the backdoor.generic2.ppu issue.

Below is the HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:59, on 2006-4-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PPLive TV\PPPlayer.exe
C:\Program Files\Symantec AntiVirus\vptray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Synacast\SynaLive\PE.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 百度超级�霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

I just noticed the ewido anti-malware program found:

File: CnsHook.dll
Path: C:\WINDOWS\downlo~1
Infection: Adware.Cdn

although when I scan for this file, it cannot find it, which was what I was instructed earlier. This is in adition to being unable to remove the

C:\Program Files\baidu

folder. Symantec still shows the hacktool.rootkit and AVG the backdoor.generic2.ppu issue. Thank you.

Ok, step 2.

Have ya tried deleting baidu in safe mode? If so, respond back, and we'll work from there.

ALSO, download 2 programs, SpySweeper and Adaware
(spysweeper in my sig. below)
(adaware - http://www.download.com/Ad-Aware-SE-...bj=dl&tag=top5 )

After downloading, run the update for both, and then run both programs, saving the SpySweeper log.

After doing that, fix these in the HJT log:

O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)


After this, restart the computer and post a new HJT log, and teh Spysweeper log.

Thanks.

Got ride of the baidu folder under safe mode.

Performed all the above instructions.

Adware and Spy Sweeper both cannot remove the cnsmin thing.

Also, I get a CnsHook.dll error on ewido anti-malware almost every single time I perform an action on my machine.

Below are the HJT and Spy Sweeper Logs. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 21:32:49, on 2006-4-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

********
20:48: | Start of Session, 2006年4月20日 |
20:48: Spy Sweeper started
20:48: Sweep initiated using definitions version 662
20:48: Starting Memory Sweep
20:48: Found Adware: cnsmin
20:48: Detected running threat: C:\WINDOWS\downlo~1\CnsHook.dll (ID = 53247)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll (ID = 53267)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnsio.dll (ID = 192138)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsHook.dll (ID = 53247)
20:50: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnshint.dll (ID = 239052)
20:50: Memory Sweep Complete, Elapsed Time: 00:02:59
20:50: Starting Registry Sweep
20:51: HKCR\adkiller.adkillerobj\ (5 subtraces) (ID = 106148)
20:51: HKCR\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106158)
20:51: HKCR\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106159)
20:51: HKCR\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106162)
20:51: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
20:51: HKCR\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 106166)
20:51: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
20:51: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
20:51: HKLM\software\classes\adkiller.adkillerobj\ (5 subtraces) (ID = 106184)
20:51: HKLM\software\classes\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106189)
20:51: HKLM\software\classes\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106190)
20:51: HKLM\software\classes\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106192)
20:51: HKLM\software\classes\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106206)
20:51: HKLM\software\classes\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106209)
20:51: HKLM\software\cnnic\ (ID = 106210)
20:51: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (40 subtraces) (ID = 106213)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
20:51: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
20:51: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
20:51: HKCR\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106261)
20:51: HKCR\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106266)
20:51: HKLM\software\3721\ (4 subtraces) (ID = 872107)
20:51: HKLM\software\3721\cnsmin\ (3 subtraces) (ID = 872108)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\security\ (1 subtraces) (ID = 872152)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ (3 subtraces) (ID = 872154)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
20:51: HKCR\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973025)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973117)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\1.0\ (8 subtraces) (ID = 973118)
20:51: HKCR\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018466)
20:51: HKCR\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018486)
20:51: HKCR\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018492)
20:51: HKLM\software\classes\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018635)
20:51: HKLM\software\classes\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018655)
20:51: HKLM\software\classes\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018661)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || count (ID = 1018678)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || nextinstance (ID = 1018679)
20:51: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
20:51: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
20:51: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
20:51: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
20:51: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || 0 (ID = 1047525)
20:51: HKLM\system\currentcontrolset\enum\root\legacy_cnsminkp\ (10 subtraces) (ID = 1147491)
20:51: HKLM\software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 1240267)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\3721\ (5 subtraces) (ID = 106182)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsautoupdate (ID = 106221)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsenable (ID = 106222)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnslist (ID = 106224)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsmenu (ID = 106225)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
20:51: Registry Sweep Complete, Elapsed Time:00:00:11
20:51: Starting Cookie Sweep
20:51: Found Spy Cookie: adjuggler cookie
20:51: geng@rotator.adjuggler[1].txt (ID = 2071)
20:51: Found Spy Cookie: myaffiliateprogram.com cookie
20:51: geng@www.myaffiliateprogram[2].txt (ID = 3032)
20:51: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:51: Starting File Sweep
20:51: c:\windows\downloaded program files\3721 (3 subtraces) (ID = -2147469211)
20:51: c:\program files\3721 (1 subtraces) (ID = -2147481237)
20:51: cnsminio.dll (ID = 53267)
20:51: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.exe". The system cannot find the path specified
20:51: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.ilg". The system cannot find the path specified
20:51: cnshook.dll (ID = 53247)
20:51: cns1.exe (ID = 53246)
20:51: cnsmindt.dll (ID = 53261)
20:53: cnsminex.cab (ID = 53262)
20:53: cns.exe (ID = 53246)
20:53: cnsio.dll (ID = 192138)
20:54: Warning: Failed to open file "c:\documents and settings\geng\recent\¤y¤o§? - °?¤@.lnk". The filename, directory name, or volume label syntax is incorrect
20:56: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.cat". The system cannot find the file specified
20:56: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
20:57: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.hdr". The system cannot find the path specified
20:57: cns.dll (ID = 53245)
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.exe". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.policy". The system cannot find the file specified
20:59: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
21:00: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.policy". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\_setup.dll". The system cannot find the path specified
21:05: cnsmindt.cab (ID = 53260)
21:05: cnsminex.dll (ID = 53263)
21:06: cnshint.dll (ID = 239052)
21:06: cns02.dat (ID = 180455)
21:06: cnsmin.dll (ID = 53251)
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.hdr". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.hdr". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.exe". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.inx". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.exe". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
21:12: cnsminex.ini (ID = 53264)
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.exe". The system cannot find the path specified
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.cab". The system cannot find the path specified
21:14: cnsmincg.ini (ID = 53257)
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.exe". The system cannot find the path specified
21:19: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.inx". The system cannot find the path specified
21:20: cnsmin.ini (ID = 53255)
21:21: File Sweep Complete, Elapsed Time: 00:30:22
21:21: Full Sweep has completed. Elapsed time 00:33:37
21:21: Traces Found: 436
21:21: Removal process initiated
21:24: Quarantining All Traces: cnsmin
21:24: cnsmin is in use. It will be removed on reboot.
21:24: c:\program files\3721 is in use. It will be removed on reboot.
21:24: cnsminio.dll is in use. It will be removed on reboot.
21:24: cnsio.dll is in use. It will be removed on reboot.
21:24: cnshint.dll is in use. It will be removed on reboot.
21:24: clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\security\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\enum\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\curver\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\clsid\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: Quarantining All Traces: adjuggler cookie
21:24: Quarantining All Traces: myaffiliateprogram.com cookie
21:24: Warning: Launched explorer.exe
21:24: Warning: Quarantine process could not restart Explorer.
21:24: Preparing to restart your computer. Please wait...
21:24: Removal process completed. Elapsed time 00:02:47
21:28: Processing Startup Alerts
21:28: Allowed Startup entry: ibmmessages
********
20:46: | Start of Session, 2006年4月20日 |
20:46: Spy Sweeper started
20:47: Your spyware definitions have been updated.
20:47: Updating spyware definitions
20:47: Your definitions are up to date.
20:48: | End of Session, 2006年4月20日 |

Alrite, incredible, we know where it's located now.

With killbox, delete the following on reboot (note: some may not be present, that's ok):

C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\CnsMin.dll
C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll
C:\WINDOWS\Downloaded Program Files\cnsio.dll
C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\cnshint.dll
c:\program files\3721


After doing this, reboot your computer again, run SpySweeper again, and save the log. Then, reboot 1 last time, and run a HJT scan.

Post killbox results, spysweeper results, and the HJT results.

Thanks.

When trying to delete

C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\CnsMin.dll
C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll
C:\WINDOWS\Downloaded Program Files\cnsio.dll
C:\WINDOWS\Downloaded Program Files\CnsHook.dll
C:\WINDOWS\Downloaded Program Files\cnshint.dll
c:\program files\3721

in normal startup, they didn't show up, even when hidden files where shown. When starting up in safe mode, these files showed up, but two where still undeletable with killbox, CnsHook.dll and CnsMin.dll. Also
:\program files\3721 was unable to be deleted. This is probably why ewido anti-malware gives me the CnsHook.dll error every time I try to do anything. Below are the HJT and spy sweeper logs. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 0:18:51, on 2006-4-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [iPod USB Service] iPODService.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

********
23:17: | Start of Session, 2006年4月20日 |
23:17: Spy Sweeper started
23:17: Sweep initiated using definitions version 662
23:17: Starting Memory Sweep
23:17: Found Adware: cnsmin
23:17: Detected running threat: C:\WINDOWS\downlo~1\CnsHook.dll (ID = 53247)
23:18: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsHook.dll (ID = 53247)
23:18: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
23:21: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll (ID = 53267)
23:21: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnsio.dll (ID = 192138)
23:22: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnshint.dll (ID = 239052)
23:22: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnsplus.dll (ID = 192143)
23:22: Memory Sweep Complete, Elapsed Time: 00:05:48
23:22: Starting Registry Sweep
23:22: Found Adware: cnsmin 3721.com hijack
23:22: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 106146)
23:22: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 106147)
23:22: HKCR\autolive.live\ (5 subtraces) (ID = 106150)
23:22: HKCR\clsid\{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2}\ (4 subtraces) (ID = 106157)
23:22: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
23:22: HKCR\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 106166)
23:22: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
23:22: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
23:22: HKCR\cnsminhk.cnshook.1\ (3 subtraces) (ID = 106170)
23:22: HKCR\cnsminhk.cnshook\ (5 subtraces) (ID = 106171)
23:22: HKCR\interface\{1bb0abbe-2d95-4847-b9d8-6f90de3714c1}\ (8 subtraces) (ID = 106174)
23:22: HKCR\interface\{be08f6bc-c3e6-4149-beb1-cb449e1b372e}\ (8 subtraces) (ID = 106178)
23:22: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (70 subtraces) (ID = 106213)
23:22: HKLM\software\microsoft\internet explorer\extensions\{5d73ee86-05f1-49ed-b850-e423120ec338}\ (6 subtraces) (ID = 106217)
23:22: HKLM\software\microsoft\internet explorer\extensions\{ecf2e268-f28c-48d2-9ab7-8f69c11ccb71}\ (4 subtraces) (ID = 106219)
23:22: HKLM\software\microsoft\internet explorer\extensions\{fd00d911-7529-4084-9946-a29f1bdf4fe5}\ (4 subtraces) (ID = 106220)
23:22: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
23:22: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
23:22: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
23:22: HKCR\typelib\{4158db95-de71-41ff-bea1-2c3d1c679df1}\ (9 subtraces) (ID = 106260)
23:22: HKCR\typelib\{a5adeae7-a8b4-4f94-9128-bf8d8db5e927}\ (9 subtraces) (ID = 106263)
23:23: HKLM\software\3721\ (43 subtraces) (ID = 872107)
23:23: HKLM\software\3721\cnsmin\ (26 subtraces) (ID = 872108)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\security\ (1 subtraces) (ID = 872152)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\enum\ (3 subtraces) (ID = 872154)
23:23: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
23:23: HKCR\autolive.live.1\ (3 subtraces) (ID = 967034)
23:23: HKLM\software\classes\autolive.live.1\ (3 subtraces) (ID = 967206)
23:23: HKLM\software\classes\autolive.live\ (5 subtraces) (ID = 980759)
23:23: HKLM\software\classes\clsid\{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2}\ (4 subtraces) (ID = 980765)
23:23: HKLM\software\classes\typelib\{4158db95-de71-41ff-bea1-2c3d1c679df1}\ (9 subtraces) (ID = 980775)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || count (ID = 1018678)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || nextinstance (ID = 1018679)
23:23: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
23:23: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
23:23: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
23:23: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
23:23: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
23:23: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || 0 (ID = 1047525)
23:23: HKLM\system\currentcontrolset\enum\root\legacy_cnsminkp\ (10 subtraces) (ID = 1147491)
23:23: HKLM\software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 1240267)
23:23: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\3721\ (39 subtraces) (ID = 106182)
23:23: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
23:23: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
23:23: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
23:23: HKU\S-1-5-18\software\3721\ (5 subtraces) (ID = 106182)
23:23: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
23:23: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
23:23: Registry Sweep Complete, Elapsed Time:00:00:15
23:23: Starting Cookie Sweep
23:23: Found Spy Cookie: atlas dmt cookie
23:23: geng@atdmt[2].txt (ID = 2253)
23:23: Found Spy Cookie: questionmarket cookie
23:23: geng@questionmarket[2].txt (ID = 3217)
23:23: Found Spy Cookie: adjuggler cookie
23:23: geng@rotator.adjuggler[1].txt (ID = 2071)
23:23: Found Spy Cookie: coremetrics cookie
23:23: geng@twci.coremetrics[1].txt (ID = 2472)
23:23: Found Spy Cookie: myaffiliateprogram.com cookie
23:23: geng@www.myaffiliateprogram[1].txt (ID = 3032)
23:23: Cookie Sweep Complete, Elapsed Time: 00:00:00
23:23: Starting File Sweep
23:23: c:\program files\3721 (3 subtraces) (ID = -2147481237)
23:23: c:\windows\downloaded program files\3721 (ID = -2147469211)
23:23: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.exe". The system cannot find the path specified
23:23: cnsminio.dll (ID = 53267)
23:23: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.ilg". The system cannot find the path specified
23:23: cnsminex.dll (ID = 53263)
23:23: cnsmindt.cab (ID = 53260)
23:24: cnsplus.cab (ID = 192142)
23:24: cnsplus.dll (ID = 192143)
23:24: cnsminio.dll (ID = 53267)
23:24: cnsio.dll (ID = 192138)
23:24: cnsminex.dll (ID = 53263)
23:25: cnsminex.cab (ID = 53262)
23:25: cnsminkp.vxd (ID = 163440)
23:25: cnshint.dll (ID = 239052)
23:25: cnshook.dll (ID = 53247)
23:25: cnsminhk.cab (ID = 53265)
23:25: cnsio.dll (ID = 192138)
23:25: cnsio.dll (ID = 192138)
23:25: cnshook.dll (ID = 53247)
23:26: cnsminio.cab (ID = 53266)
23:26: cns1.dll (ID = 53245)
23:26: cnsplus.dll (ID = 192143)
23:26: cns.exe (ID = 53246)
23:27: Warning: Failed to open file "c:\documents and settings\geng\recent\¤y¤o§? - °?¤@.lnk". The filename, directory name, or volume label syntax is incorrect
23:28: cnshint.dll (ID = 239052)
23:29: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.cat". The system cannot find the file specified
23:30: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
23:30: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.hdr". The system cannot find the path specified
23:31: cns.dll (ID = 53245)
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.exe". The system cannot find the path specified
23:32: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
23:33: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
23:33: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
23:33: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.policy". The system cannot find the file specified
23:33: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
23:33: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
23:33: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
23:34: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
23:35: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.policy". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.cat". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.cat". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
23:35: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
23:35: cnsmin.dll (ID = 53251)
23:35: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
23:38: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.exe". The system cannot find the path specified
23:39: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
23:39: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.exe". The system cannot find the path specified
23:39: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe". The system cannot find the path specified
23:40: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
23:40: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\_setup.dll". The system cannot find the path specified
23:40: cnshook.dll (ID = 53247)
23:41: cnsmin.dll (ID = 53251)
23:42: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
23:42: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
23:42: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.2600.2180.cat". The system cannot find the file specified
23:43: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.2600.2180.cat". The system cannot find the file specified
23:43: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.cat". The system cannot find the file specified
23:43: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
23:43: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.exe". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.exe". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.exe". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.hdr". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
23:44: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
23:45: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.cab". The system cannot find the path specified
23:45: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.exe". The system cannot find the path specified
23:45: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.inx". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.cab". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.hdr". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.exe". The system cannot find the path specified
23:46: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.inx". The system cannot find the path specified
23:47: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
23:47: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
23:47: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
23:47: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.exe". The system cannot find the path specified
23:47: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
23:48: cnsminex.ini (ID = 53264)
23:48: cnsminio.cab (ID = 53266)
23:48: cnsmincg.ini (ID = 53257)
23:50: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.exe". The system cannot find the path specified
23:50: cnsmindt.dll (ID = 53261)
23:50: cnsmindt.dll (ID = 53261)
23:50: cnsminex.cab (ID = 53262)
23:50: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.cab". The system cannot find the path specified
23:51: cnsmindt.cab (ID = 53260)
23:51: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.policy". The system cannot find the file specified
23:51: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.policy". The system cannot find the file specified
23:52: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.exe". The system cannot find the path specified
23:52: cnsminhk.cab (ID = 53265)
23:52: cns1.exe (ID = 53246)
23:52: cnsmincg.ini (ID = 53257)
23:53: cnsminex.ini (ID = 53264)
23:54: cnsplus[1].cab (ID = 192142)
23:54: cnsplus.cab (ID = 192142)
23:58: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.inx". The system cannot find the path specified
23:58: cnsmin.ini (ID = 53255)
23:58: cnsmin.ini (ID = 53255)
0:00: File Sweep Complete, Elapsed Time: 00:37:27
0:00: Full Sweep has completed. Elapsed time 00:43:34
0:00: Traces Found: 512
0:00: Removal process initiated
0:01: Quarantining All Traces: cnsmin
0:01: cnsmin is in use. It will be removed on reboot.
0:01: c:\program files\3721 is in use. It will be removed on reboot.
0:01: cnsminio.dll is in use. It will be removed on reboot.
0:01: cnsplus.dll is in use. It will be removed on reboot.
0:01: cnsio.dll is in use. It will be removed on reboot.
0:01: cnshint.dll is in use. It will be removed on reboot.
0:01: clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
0:01: clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
0:01: cnshelper.ch.1\ is in use. It will be removed on reboot.
0:01: cnshelper.ch\ is in use. It will be removed on reboot.
0:01: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
0:01: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
0:01: HKLM: system\currentcontrolset\services\cnsminkp\security\ is in use. It will be removed on reboot.
0:01: HKLM: system\currentcontrolset\services\cnsminkp\enum\ is in use. It will be removed on reboot.
0:01: cnshelper.ch\curver\ is in use. It will be removed on reboot.
0:01: cnshelper.ch.1\clsid\ is in use. It will be removed on reboot.
0:01: HKLM: software\classes\cnshelper.ch\ is in use. It will be removed on reboot.
0:01: HKLM: software\classes\cnshelper.ch.1\ is in use. It will be removed on reboot.
0:01: HKLM: software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
0:01: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
0:01: C:\WINDOWS\downlo~1\CnsHook.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\CnsHook.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\CnsMin.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\cnsio.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\cnshint.dll is in use. It will be removed on reboot.
0:01: C:\WINDOWS\Downloaded Program Files\cnsplus.dll is in use. It will be removed on reboot.
0:01: Quarantining All Traces: cnsmin 3721.com hijack
0:01: Quarantining All Traces: adjuggler cookie
0:01: Quarantining All Traces: atlas dmt cookie
0:01: Quarantining All Traces: coremetrics cookie
0:01: Quarantining All Traces: myaffiliateprogram.com cookie
0:01: Quarantining All Traces: questionmarket cookie
0:01: Warning: Launched explorer.exe
0:01: Warning: Quarantine process could not restart Explorer.
0:01: Removal process completed. Elapsed time 00:00:55
********
21:34: | Start of Session, 2006年4月20日 |
21:34: Spy Sweeper started
21:34: Sweep initiated using definitions version 662
21:34: Starting Memory Sweep
21:34: Found Adware: cnsmin
21:34: Detected running threat: C:\WINDOWS\downlo~1\CnsHook.dll (ID = 53247)
21:35: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
21:37: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsHook.dll (ID = 53247)
21:38: Memory Sweep Complete, Elapsed Time: 00:04:25
21:38: Starting Registry Sweep
21:38: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
21:38: HKCR\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 106166)
21:38: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
21:38: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
21:38: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (40 subtraces) (ID = 106213)
21:38: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
21:38: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
21:38: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
21:38: HKLM\software\3721\ (6 subtraces) (ID = 872107)
21:38: HKLM\software\3721\cnsmin\ (5 subtraces) (ID = 872108)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\security\ (1 subtraces) (ID = 872152)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\enum\ (3 subtraces) (ID = 872154)
21:38: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || count (ID = 1018678)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || nextinstance (ID = 1018679)
21:38: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
21:38: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
21:38: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
21:38: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
21:38: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
21:38: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || 0 (ID = 1047525)
21:38: HKLM\system\currentcontrolset\enum\root\legacy_cnsminkp\ (11 subtraces) (ID = 1147491)
21:38: HKLM\software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 1240267)
21:38: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\3721\ (7 subtraces) (ID = 106182)
21:38: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
21:38: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
21:38: Registry Sweep Complete, Elapsed Time:00:00:19
21:38: Starting Cookie Sweep
21:38: Found Spy Cookie: atlas dmt cookie
21:38: geng@atdmt[2].txt (ID = 2253)
21:38: Found Spy Cookie: adjuggler cookie
21:38: geng@rotator.adjuggler[1].txt (ID = 2071)
21:38: Found Spy Cookie: myaffiliateprogram.com cookie
21:38: geng@www.myaffiliateprogram[2].txt (ID = 3032)
21:38: Cookie Sweep Complete, Elapsed Time: 00:00:01
21:38: Starting File Sweep
21:39: c:\program files\3721 (ID = -2147481237)
21:39: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.exe". The system cannot find the path specified
21:39: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.ilg". The system cannot find the path specified
21:39: cnshook.dll (ID = 53247)
21:42: cns.exe (ID = 53246)
21:44: Warning: Failed to open file "c:\documents and settings\geng\recent\¤y¤o§? - °?¤@.lnk". The filename, directory name, or volume label syntax is incorrect
21:45: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.cat". The system cannot find the file specified
21:46: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
21:47: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.hdr". The system cannot find the path specified
21:47: cns.dll (ID = 53245)
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.exe". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
21:49: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
21:50: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.policy". The system cannot find the file specified
21:50: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
21:50: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
21:50: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
21:50: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
21:51: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.policy". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.cat". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.cat". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:51: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:52: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
21:55: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.exe". The system cannot find the path specified
21:55: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
21:55: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.exe". The system cannot find the path specified
21:55: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe". The system cannot find the path specified
21:57: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:57: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\_setup.dll". The system cannot find the path specified
21:57: cnsmin.dll (ID = 53251)
21:59: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
21:59: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
21:59: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
21:59: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.2600.2180.cat". The system cannot find the file specified
21:59: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.2600.2180.cat". The system cannot find the file specified
21:59: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.cat". The system cannot find the file specified
21:59: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
22:00: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.hdr". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.cab". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.exe". The system cannot find the path specified
22:01: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.inx". The system cannot find the path specified
22:02: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
22:02: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
22:02: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.cab". The system cannot find the path specified
22:02: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
22:02: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.hdr". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.exe". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.inx". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.exe". The system cannot find the path specified
22:03: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
22:06: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.exe". The system cannot find the path specified
22:06: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.cab". The system cannot find the path specified
22:07: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.policy". The system cannot find the file specified
22:07: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.policy". The system cannot find the file specified
22:07: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.exe". The system cannot find the path specified
22:12: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.inx". The system cannot find the path specified
22:13: Warning: Failed to open file "c:\documents and settings\geng\desktop\ssfsetup1_0.exe:zone.identifier". The system cannot find the file specified
22:13: Warning: Failed to open file "c:\documents and settings\geng\desktop\stuff.txt". The system cannot find the file specified
22:14: Found System Monitor: potentially rootkit-masked files
22:14: ca4lyppu. (ID = 0)
22:16: File Sweep Complete, Elapsed Time: 00:37:25
22:16: Full Sweep has completed. Elapsed time 00:42:15
22:16: Traces Found: 232
22:17: Removal process initiated
22:17: Quarantining All Traces: potentially rootkit-masked files
22:17: potentially rootkit-masked files is in use. It will be removed on reboot.
22:17: ca4lyppu. is in use. It will be removed on reboot.
22:17: Quarantining All Traces: adjuggler cookie
22:17: Quarantining All Traces: atlas dmt cookie
22:17: Quarantining All Traces: myaffiliateprogram.com cookie
22:17: Removal process completed. Elapsed time 00:00:09
22:18: Removal process initiated
22:18: Quarantining All Traces: cnsmin
22:18: cnsmin is in use. It will be removed on reboot.
22:18: clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
22:18: clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
22:18: cnshelper.ch.1\ is in use. It will be removed on reboot.
22:18: cnshelper.ch\ is in use. It will be removed on reboot.
22:18: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
22:18: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
22:18: HKLM: system\currentcontrolset\services\cnsminkp\security\ is in use. It will be removed on reboot.
22:18: HKLM: system\currentcontrolset\services\cnsminkp\enum\ is in use. It will be removed on reboot.
22:18: cnshelper.ch\curver\ is in use. It will be removed on reboot.
22:18: cnshelper.ch.1\clsid\ is in use. It will be removed on reboot.
22:18: HKLM: software\classes\cnshelper.ch\ is in use. It will be removed on reboot.
22:18: HKLM: software\classes\cnshelper.ch.1\ is in use. It will be removed on reboot.
22:18: HKLM: software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
22:18: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
22:18: Warning: Launched explorer.exe
22:18: Warning: Quarantine process could not restart Explorer.
22:18: Removal process completed. Elapsed time 00:00:29
22:25: Processing Startup Alerts
22:25: Allowed Startup entry: vptray
22:25: Allowed Startup entry: ibmmessages
23:17: Processing Startup Alerts
23:17: Removed Startup entry: helper.dll
23:17: | End of Session, 2006年4月20日 |
********
20:48: | Start of Session, 2006年4月20日 |
20:48: Spy Sweeper started
20:48: Sweep initiated using definitions version 662
20:48: Starting Memory Sweep
20:48: Found Adware: cnsmin
20:48: Detected running threat: C:\WINDOWS\downlo~1\CnsHook.dll (ID = 53247)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMin.dll (ID = 53251)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsMinIO.dll (ID = 53267)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnsio.dll (ID = 192138)
20:48: Detected running threat: C:\WINDOWS\Downloaded Program Files\CnsHook.dll (ID = 53247)
20:50: Detected running threat: C:\WINDOWS\Downloaded Program Files\cnshint.dll (ID = 239052)
20:50: Memory Sweep Complete, Elapsed Time: 00:02:59
20:50: Starting Registry Sweep
20:51: HKCR\adkiller.adkillerobj\ (5 subtraces) (ID = 106148)
20:51: HKCR\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106158)
20:51: HKCR\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106159)
20:51: HKCR\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106162)
20:51: HKCR\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 106163)
20:51: HKCR\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 106166)
20:51: HKCR\cnshelper.ch.1\ (3 subtraces) (ID = 106168)
20:51: HKCR\cnshelper.ch\ (5 subtraces) (ID = 106169)
20:51: HKLM\software\classes\adkiller.adkillerobj\ (5 subtraces) (ID = 106184)
20:51: HKLM\software\classes\clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}\ (21 subtraces) (ID = 106189)
20:51: HKLM\software\classes\clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}\ (11 subtraces) (ID = 106190)
20:51: HKLM\software\classes\clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}\ (4 subtraces) (ID = 106192)
20:51: HKLM\software\classes\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106206)
20:51: HKLM\software\classes\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106209)
20:51: HKLM\software\cnnic\ (ID = 106210)
20:51: HKLM\software\microsoft\internet explorer\advancedoptions\!cns\ (40 subtraces) (ID = 106213)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (1 subtraces) (ID = 106237)
20:51: HKLM\software\microsoft\windows\currentversion\run\ || cnsmin (ID = 106245)
20:51: HKLM\software\microsoft\windows\currentversion\uninstall\cnsmin\ (2 subtraces) (ID = 106251)
20:51: HKCR\typelib\{7354662f-caa3-448b-bc01-04f55a2dca35}\ (9 subtraces) (ID = 106261)
20:51: HKCR\typelib\{f97e75a4-0103-4f27-a752-327b600b1130}\ (9 subtraces) (ID = 106266)
20:51: HKLM\software\3721\ (4 subtraces) (ID = 872107)
20:51: HKLM\software\3721\cnsmin\ (3 subtraces) (ID = 872108)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\ (19 subtraces) (ID = 872138)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\security\ (1 subtraces) (ID = 872152)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ (3 subtraces) (ID = 872154)
20:51: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {d157330a-9ef3-49f8-9a67-4141ac41add4} (ID = 958059)
20:51: HKCR\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973025)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\ (9 subtraces) (ID = 973117)
20:51: HKLM\software\classes\typelib\{f9ad9d67-efa8-480e-8291-0163f3960de7}\1.0\ (8 subtraces) (ID = 973118)
20:51: HKCR\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018466)
20:51: HKCR\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018486)
20:51: HKCR\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018492)
20:51: HKLM\software\classes\adkiller.adkillerobj.1\ (3 subtraces) (ID = 1018635)
20:51: HKLM\software\classes\fflash.flashobjectinterface\ (5 subtraces) (ID = 1018655)
20:51: HKLM\software\classes\fflash.flashobjectinterface.1\ (3 subtraces) (ID = 1018661)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || count (ID = 1018678)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || nextinstance (ID = 1018679)
20:51: HKCR\cnshelper.ch\curver\ (1 subtraces) (ID = 1041849)
20:51: HKCR\cnshelper.ch.1\clsid\ (1 subtraces) (ID = 1041853)
20:51: HKLM\software\classes\cnshelper.ch\ (5 subtraces) (ID = 1041942)
20:51: HKLM\software\classes\cnshelper.ch.1\ (3 subtraces) (ID = 1041948)
20:51: HKLM\software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ (25 subtraces) (ID = 1041952)
20:51: HKLM\system\currentcontrolset\services\cnsminkp\enum\ || 0 (ID = 1047525)
20:51: HKLM\system\currentcontrolset\enum\root\legacy_cnsminkp\ (10 subtraces) (ID = 1147491)
20:51: HKLM\software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ (15 subtraces) (ID = 1240267)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\3721\ (5 subtraces) (ID = 106182)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsautoupdate (ID = 106221)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsenable (ID = 106222)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnshint (ID = 106223)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnslist (ID = 106224)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsmenu (ID = 106225)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\main\ || cnsreset (ID = 106226)
20:51: HKU\S-1-5-21-1612712036-2320844081-1803406932-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
20:51: Registry Sweep Complete, Elapsed Time:00:00:11
20:51: Starting Cookie Sweep
20:51: Found Spy Cookie: adjuggler cookie
20:51: geng@rotator.adjuggler[1].txt (ID = 2071)
20:51: Found Spy Cookie: myaffiliateprogram.com cookie
20:51: geng@www.myaffiliateprogram[2].txt (ID = 3032)
20:51: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:51: Starting File Sweep
20:51: c:\windows\downloaded program files\3721 (3 subtraces) (ID = -2147469211)
20:51: c:\program files\3721 (1 subtraces) (ID = -2147481237)
20:51: cnsminio.dll (ID = 53267)
20:51: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.exe". The system cannot find the path specified
20:51: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.ilg". The system cannot find the path specified
20:51: cnshook.dll (ID = 53247)
20:51: cns1.exe (ID = 53246)
20:51: cnsmindt.dll (ID = 53261)
20:53: cnsminex.cab (ID = 53262)
20:53: cns.exe (ID = 53246)
20:53: cnsio.dll (ID = 192138)
20:54: Warning: Failed to open file "c:\documents and settings\geng\recent\¤y¤o§? - °?¤@.lnk". The filename, directory name, or volume label syntax is incorrect
20:56: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.cat". The system cannot find the file specified
20:56: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.ilg". The system cannot find the path specified
20:57: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.hdr". The system cannot find the path specified
20:57: cns.dll (ID = 53245)
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\layout.bin". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\data1.cab". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.exe". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\setup.inx". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{91810afc-a4f8-4eba-a5aa-b198bbc81144}\icon.bmp". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.policy". The system cannot find the file specified
20:59: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.hdr". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.ilg". The system cannot find the path specified
20:59: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\setup.inx". The system cannot find the path specified
21:00: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.inx". The system cannot find the path specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.policy". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.cat". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcirt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\windows\winsxs\\msvcrt.dll". The system cannot find the file specified
21:01: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.hdr". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.cab". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.exe". The system cannot find the path specified
21:04: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:05: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\_setup.dll". The system cannot find the path specified
21:05: cnsmindt.cab (ID = 53260)
21:05: cnsminex.dll (ID = 53263)
21:06: cnshint.dll (ID = 239052)
21:06: cns02.dat (ID = 180455)
21:06: cnsmin.dll (ID = 53251)
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.inx". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.cab". The system cannot find the path specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\windows\winsxs\policies\\7.0.2600.2180.cat". The system cannot find the file specified
21:07: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.cab". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.hdr". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\setup.ilg". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{ea664480-3844-11d5-8c25-444553540000}\setup.inx". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.exe". The system cannot find the path specified
21:08: Warning: Failed to open file "c:\program files\\{9fac9e5c-0d20-4dbf-afe5-2e09c52a95a2}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.ilg". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{3ea9d975-bfdc-4e8e-b88b-0446fbc8ca66}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.inx". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.hdr". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{2111b23f-7fda-4a41-8309-e5a1663ca296}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{72806716-7088-41b2-8fa6-717a2a164dab}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\data1.cab". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.exe". The system cannot find the path specified
21:09: Warning: Failed to open file "c:\program files\\{74574620-fe6e-11d2-aa9b-b732b9de0c29}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.ilg". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{6c72e14a-c1f3-45e5-8810-83ce3c19ed63}\setup.inx". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{82512bc9-bd5d-4c50-be4d-b98e7df78687}\data1.cab". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\data1.hdr". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.exe". The system cannot find the path specified
21:10: Warning: Failed to open file "c:\program files\\{3ed8d422-5658-41fa-ae3d-7107b26caab7}\setup.inx". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.ilg". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.hdr". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\data1.cab". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.exe". The system cannot find the path specified
21:11: Warning: Failed to open file "c:\program files\\{22b71a00-4ded-11d4-a5e5-0004ac564f43}\setup.inx". The system cannot find the path specified
21:12: cnsminex.ini (ID = 53264)
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.exe". The system cannot find the path specified
21:14: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\data1.cab". The system cannot find the path specified
21:14: cnsmincg.ini (ID = 53257)
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\6.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\windows\winsxs\policies\\1.0.10.0.policy". The system cannot find the file specified
21:15: Warning: Failed to open file "c:\program files\\{0bedbd4e-2d34-47b5-9973-57e62b29307c}\setup.exe". The system cannot find the path specified
21:19: Warning: Failed to open file "c:\program files\\{4fe92d2d-89ff-4e24-8a8f-b1956eacf704}\setup.inx". The system cannot find the path specified
21:20: cnsmin.ini (ID = 53255)
21:21: File Sweep Complete, Elapsed Time: 00:30:22
21:21: Full Sweep has completed. Elapsed time 00:33:37
21:21: Traces Found: 436
21:21: Removal process initiated
21:24: Quarantining All Traces: cnsmin
21:24: cnsmin is in use. It will be removed on reboot.
21:24: c:\program files\3721 is in use. It will be removed on reboot.
21:24: cnsminio.dll is in use. It will be removed on reboot.
21:24: cnsio.dll is in use. It will be removed on reboot.
21:24: cnshint.dll is in use. It will be removed on reboot.
21:24: clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\security\ is in use. It will be removed on reboot.
21:24: HKLM: system\currentcontrolset\services\cnsminkp\enum\ is in use. It will be removed on reboot.
21:24: cnshelper.ch\curver\ is in use. It will be removed on reboot.
21:24: cnshelper.ch.1\clsid\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\cnshelper.ch.1\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}\ is in use. It will be removed on reboot.
21:24: HKLM: software\classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}\ is in use. It will be removed on reboot.
21:24: Quarantining All Traces: adjuggler cookie
21:24: Quarantining All Traces: myaffiliateprogram.com cookie
21:24: Warning: Launched explorer.exe
21:24: Warning: Quarantine process could not restart Explorer.
21:24: Preparing to restart your computer. Please wait...
21:24: Removal process completed. Elapsed time 00:02:47
21:28: Processing Startup Alerts
21:28: Allowed Startup entry: ibmmessages
21:33: Memory Shield: Found: Memory-resident threat cnsmin, version 1.0.0.0
21:33: Detected running threat: cnsmin
21:34: | End of Session, 2006年4月20日 |
********
20:46: | Start of Session, 2006年4月20日 |
20:46: Spy Sweeper started
20:47: Your spyware definitions have been updated.
20:47: Updating spyware definitions
20:47: Your definitions are up to date.
20:48: | End of Session, 2006年4月20日 |