Malware Defender 2009 (Removal Instructions)
Malware Defender 2009 is rogue security software: a fake anti-spyware application that is usually installed on the user's computer by trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim.
Once your computer is infected with this parasite, it immediately displays security warnings, alerts and system scans stating that your computer is heavily infected. These warnings are all false and are displayed only to make you believe your computer is truly infected and that you must buy the full version of the software to remove the so-called infections.

Do not fall for this scam. If your computer is infected with Malware Defender 2009, remove it immediately and scan your system with real security software.
Symptoms of infection
- The process reged.exe is running in your system
- The process malwaredef.exe is running in your system
- The process spoolsystem.exe is running in your system
- The process sysexplorer.exe is running in your system
- The process wcenter.exe is running in your system
- Slow computer performance
- Repeated security warnings, alerts and system scans
- Web sites that suddenly open on your desktop
Malicious web sites and URLs:
- easywinscanner17.com (209.249.222.48)
- malwaredefender2009.com (67.43.237.75)
- gomaldef09.com (67.43.237.77)
When the program is executed, it creates the following files:
- %ProgramFiles%\Malware Defender 2009
- %ProgramFiles%\Malware Defender 2009\conf.cfg
- %ProgramFiles%\Malware Defender 2009\malwaredef.exe
- %ProgramFiles%\Malware Defender 2009\mbase.vdb
- %ProgramFiles%\Malware Defender 2009\quarantine.vdb
- %ProgramFiles%\Malware Defender 2009\queue.vdb
- %ProgramFiles%\Malware Defender 2009\uninstall.exe
- %ProgramFiles%\Malware Defender 2009\vbase.vdb
- %ProgramFiles%\Malware Defender 2009\quarantine
- C:\WINDOWS\reged.exe
- C:\WINDOWS\spoolsystem.exe
- C:\WINDOWS\sys.com
- C:\WINDOWS\syscert.exe
- C:\WINDOWS\sysexplorer.exe
- C:\WINDOWS\vmreg.dll
- C:\WINDOWS\system32\wcenter.exe
- %AllUsers%\Application Data\Microsoft\Media Index\Drivers
- %AllUsers%\Application Data\Microsoft\win.exe
- %AllUsers%\Application Data\Microsoft\Media Index\svchos.exe
- %AllUsers%\Application Data\Microsoft\Media Index\t.id
- %AllUsers%\Application Data\Microsoft\Media Index\Drivers\c.cgm
- %AllUsers%\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
- %AllUsers%\Application Data\Microsoft\Media Index\Drivers\vwkemjwebr.dll
- %AllUsers%\Application Data\Microsoft\Network\install.exe
The program creates the following registry entries:
- HKLM\SOFTWARE\Malware Defender 2009
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwaredef
How to remove Malware Defender 2009 (manual removal)?
- Kill the running process malwaredef.exe
- Kill the running process reged.exe
- Kill the running process wcenter.exe
- Kill the running process sysexplorer.exe
- Kill the running process spoolsystem.exe
- Unregister all the Malware Defender 2009 DLLs
- Delete all the Malware Defender 2009 files
- Delete all the Malware Defender 2009 registry entries
How to remove Malware Defender 2009 (automatic removal)?
- Download and install NoVirusThanks Malware Remover
- Update the database
- Click the button Scan
- Delete infected files
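As an added example (not part of the original post or of NoVirusThanks' tools), the Python script below triages a HijackThis log, like the ones readers paste in the comments, against the indicators listed above: the five process names, the dropped file paths and the two Run values. The sample log is constructed for the demonstration, and the en-dash normalisation is an assumption about how pasted logs are rendered.

```python
"""Triage a HijackThis log against the Malware Defender 2009 indicators above."""
import re

# Process names listed under "Symptoms of infection".
ROGUE_PROCESSES = {
    "reged.exe", "malwaredef.exe", "spoolsystem.exe", "sysexplorer.exe", "wcenter.exe",
}
# Lower-case path fragments taken from the "creates the following files" list.
ROGUE_PATH_FRAGMENTS = (
    "\\malware defender 2009\\",
    "\\application data\\microsoft\\media index\\",
    "\\application data\\microsoft\\win.exe",
    "\\application data\\microsoft\\network\\install.exe",
    "\\windows\\sys.com",
    "\\windows\\syscert.exe",
    "\\windows\\vmreg.dll",
)
# Run value names from the registry list (HKCU\...\Run\updater, HKLM\...\Run\malwaredef).
ROGUE_RUN_VALUES = {"updater", "malwaredef"}

HJT_ENTRY = re.compile(r"^(?P<tag>[OR]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]*)\]")
# A rogue process name must stand alone (so "xwcenter.exe" would not match).
PROCESS_WORD = re.compile(
    r"(?<![a-z0-9_])(" + "|".join(re.escape(p) for p in ROGUE_PROCESSES) + r")(?![a-z0-9_])"
)


def _reasons(tag, body):
    """Return the list of indicator matches for one log entry body."""
    low = body.lower()
    reasons = []
    hit = PROCESS_WORD.search(low)
    if hit:
        reasons.append("rogue process name %s" % hit.group(1))
    for frag in ROGUE_PATH_FRAGMENTS:
        if frag in low:
            reasons.append("rogue file path (%s)" % frag.strip("\\"))
            break
    if tag == "O4":
        run = RUN_ENTRY.match(body)
        if run and run.group("name").lower() in ROGUE_RUN_VALUES:
            reasons.append("rogue Run value [%s]" % run.group("name"))
    return reasons


def triage_hjt_log(text):
    """Scan a HijackThis log; return (section, line, reasons) for each matching line."""
    findings = []
    in_processes = False
    for raw in text.splitlines():
        # Assumption: logs pasted into web pages often render " - " as an en dash.
        line = raw.replace("\u2013", "-").strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = HJT_ENTRY.match(line)
        if entry:
            in_processes = False  # first O/R entry ends the process list
            tag, body = entry.group("tag"), entry.group("body")
        elif in_processes:
            tag, body = "process", line
        else:
            continue  # header lines such as "Platform:" or "Boot mode:"
        reasons = _reasons(tag, body)
        if reasons:
            findings.append((tag, line, reasons))
    return findings


# Constructed excerpt in HijackThis v2 format, modelled on the logs in the comments.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\wcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: HardwareDrivers - {CC3DDD7F-BC01-4F28-9622-070DDEDD6966} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for section, line, reasons in triage_hjt_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, line, "; ".join(reasons)))
```

Paste a full log into `SAMPLE_LOG` or read it from a file; lines without a finding are legitimate as far as this indicator list goes, so any other suspicious entry still needs a human look.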

March 9th, 2009 at 5:46 pm
it worked…!
thy
March 15th, 2009 at 4:07 am
I just bought the malware antivirus protection 2009 and paid for it. How do I get my money back?
March 15th, 2009 at 1:07 pm
Laura, you can try to contact your bank operators and ask them to do a refund or you can contact your local authorities to receive more help.
March 15th, 2009 at 9:28 pm
I downloaded your Malware Remover Tool to remove Malware Defender 2009, but this tool cannot even find the malware. I did update the tool and got the update finished message. It still cannot find the malware.
March 15th, 2009 at 10:43 pm
John, check if this process is running in your system:
malwaredef.exe
and check if these files are present in your computer:
C:\Program Files\Malware Defender 2009\conf.cfg
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\Program Files\Malware Defender 2009\mbase.vdb
C:\Program Files\Malware Defender 2009\quarantine.vdb
C:\Program Files\Malware Defender 2009\queue.vdb
C:\Program Files\Malware Defender 2009\uninstall.exe
C:\Program Files\Malware Defender 2009\vbase.vdb
C:\Program Files\Malware Defender 2009\quarantine
If yes, just remove them and delete the related registry keys; also do a scan with HijackThis and paste the logs here.
March 18th, 2009 at 4:22 am
I have not been infected with this fake anti-malware program and I know better than to install something like this. Yet I am still getting pop ups (annoying) and fake scans that are cleverly designed as pop ups (even more annoying) and my computer has been running horribly slow. Any word on how to remove the pop ups telling me I need to download the program?
March 18th, 2009 at 12:34 pm
Tired of IT, post here a HijackThis log. Download the program from this link: http://download.hijackthis.eu/HJTInstall.exe, do a system scan and paste the log here.
March 21st, 2009 at 4:19 pm
I ran Malwarebytes; it has crippled Malware Defender 2009 but has not fully removed it… I think it has something to do with the registry… please help… here is a copy of my HijackThis log
thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:28 AM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0209&m=el1200-06w
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0209&m=el1200-06w
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0209&m=el1200-06w
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0209&m=el1200-06w
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: NCO 2.0 IE BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Show Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 – Toolbar: &Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 – HKLM\..\Run: [UpdateP2GoShortCut] “C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0″
O4 – HKLM\..\Run: [UpdatePSTShortCut] “C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 – HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKLM\..\Run: [osCheck] “C:\Program Files\Norton 360\osCheck.exe”
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 – HKLM\..\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 – HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 – HKLM\..\Run: [EarthLink Installer] ” /C
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [BkupTray] “C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe”
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O20 – AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 – Service: Agere Modem Call Progress Audio (AgereModemAudio) – Agere Systems – C:\WINDOWS\system32\agrsmsvc.exe
O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 – Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) – NewTech Infosystems, Inc. – C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: COM Host (comHost) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 – Service: GameConsoleService – WildTangent, Inc. – C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 – Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 – Service: LiveUpdate Notice – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) – NewTech InfoSystems, Inc. – C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 – Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) – Unknown owner – C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 – Service: Symantec Core LC – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
–
End of file – 9725 bytes
March 21st, 2009 at 6:35 pm
I downloaded and removed the Malware Defender 2009, but it came right back. I have 2 other anti-virus and anti-spyware programs on my computer and when they scan they say nothing has been detected. What can I do now? My computer is running very slowly. Thanks! Susan
March 21st, 2009 at 7:07 pm
Hi Susan,
download HiJackThis and scan your computer, then paste here the log so we can help you
March 21st, 2009 at 10:14 pm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:27 PM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1146067985\ee\AOLSoftware.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\AOL\1146067985\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wcenter.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1146067985\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas82a.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\AOL\1146067985\EE\AOLDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1146067985\EE\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3503
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: (no name) – ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} – (no file)
R3 – URLSearchHook: MyIdentityDefender – {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} – C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
R3 – URLSearchHook: (no name) – ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} – (no file)
O3 – Toolbar: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
O3 – Toolbar: AOL Toolbar – {4982D40A-C53B-4615-B15B-B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O3 – Toolbar: MSN Toolbar – {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} – C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 – Toolbar: GamesBar – {6F282B65-56BF-4BD1-A8B2-A4449A05863D} – C:\Program Files\GamesBar\oberontb.dll
O3 – Toolbar: &Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 – Toolbar: MyIdentityDefender – {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} – C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 – Toolbar: AOL Toolbar – {DE9C389F-3316-41A7-809B-AA305ED9D922} – C:\Program Files\AOL Toolbar\aoltb.dll
O4 – HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 – HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146067985\ee\AOLSoftware.exe
O4 – HKLM\..\Run: [lxcymon.exe] “C:\Program Files\Lexmark 3400 Series\lxcymon.exe”
O4 – HKLM\..\Run: [EzPrint] “C:\Program Files\Lexmark 3400 Series\ezprint.exe”
O4 – HKLM\..\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s
O4 – HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 – HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1146067985\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 – HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1146067985\ee\SSCRun.exe
O4 – HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 – HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 – HKLM\..\Run: [AOL Spyware Protection] “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 – HKLM\..\Run: [ISUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [CyberDefender Early Detection Center] “C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe”
O4 – HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 – HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 – HKLM\..\Run: [84fa51fc] rundll32.exe “C:\WINDOWS\system32\esagvklk.dll”,b
O4 – HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 – HKCU\..\Run: [Power2GoExpress] NA
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 – HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [CyberDefender Early Detection Center] “C:\Program Files\CyberDefender\AntiSpyware\cdas82a.exe” /minimize
O4 – HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User ‘Default user’)
O4 – Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 – Extra context menu item: &AOL Toolbar Search – C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.4.2\gears.dll
O9 – Extra ‘Tools’ menuitem: &Gears Settings – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:\Program Files\Google\Google Gears\Internet Explorer.5.4.2\gears.dll
O9 – Extra button: (no name) – {1A93C934-025B-4c3a-B38E-9654A7003239} – C:\Program Files\GamesBar\oberontb.dll
O9 – Extra ‘Tools’ menuitem: GamesBar – {1A93C934-025B-4c3a-B38E-9654A7003239} – C:\Program Files\GamesBar\oberontb.dll
O9 – Extra button: AOL Toolbar – {4982D40A-C53B-4615-B15B-B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra ‘Tools’ menuitem: AOL Toolbar – {4982D40A-C53B-4615-B15B-B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\system32\Shdocvw.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) – https://install.charter.com/diskless/bin/ssctlsma.dll
O16 – DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) – http://gamerival.oberon-media.com/gameshell/games/channel–110371637/lc–en/room–9ab6f2eb-f4d6-42ea-9c2b-9aa2580a755f/online/ButterflyEscape/en/GenimoWebGamesControl.cab
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 – DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) – http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 – DPF: {2D0280B1-DC42-4DFA-9525-09BD48838539} (OSAKitPro.OSAKit) – http://www.fenomen-games.com/ashley-jones-heart-egypt/osakitpro.cab
O16 – DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) – http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 – DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) – http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
O16 – DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) – http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 – DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) – http://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
O16 – DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) – http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 – DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) – http://www.respondus2.com/LDB/setup.exe
O16 – DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) – http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 – DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) – http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 – DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} – http://mediaplayer.walmart.com/installer/install.cab
O16 – DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) – http://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
O16 – DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) – http://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
O16 – DPF: {7D492D61-303A-45C3-8A55-63449339943D} (CPlayFirstNightShiftControl Object) – http://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
O16 – DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) – http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 – DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) – http://aolsvc.aol.com/onlinegames/free-trial-mystery-pi-the-lottery-ticket/SpinTopGamesLauncher.cab
O16 – DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) – http://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
O16 – DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) – http://www.gamehouse.com/games/dvcode/DVCControl.cab
O16 – DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games – Installer) – http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 – DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) – http://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 – DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) – http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 – DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) – http://gamerival.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) – http://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
O16 – DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) – http://cdn.ll.neoedge.com/webgames/SandScript/SandScript.1.0.0.21.cab
O16 – DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) – http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 – DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) – http://www.gamehouse.com/games/zuma/popcaploader.cab
O16 – DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} (CPlayFirstMahjongRoaControl Object) – http://games.bigfishgames.com/en_mahjong-roadshow/online/MahjongRoadshowWeb.1.0.0.17.cab
O20 – AppInit_DLLs: xxdudf.dll
O21 – SSODL: HardwareDrivers – {CC3DDD7F-BC01-4F28-9622-070DDEDD6966} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 – SSODL: DriversLoad – {A61B68B3-B8E1-4CD0-982D-67C8F15DB0DD} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\xnvqzvpkbu.dll
O23 – Service: AOL Connectivity Service (AOL ACS) – AOL LLC – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 – Service: AOL Antivirus Update Service (aolavupd) – AOL LLC – C:\Program Files\Common Files\AOL\1146067985\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 – Service: AOL Spyware Protection Service (AOLService) – Unknown owner – C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Google Update Service (gupdate1c9535347be581c) (gupdate1c9535347be581c) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) – CA, Inc. – C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: lxcy_device – – C:\WINDOWS\system32\lxcycoms.exe
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee Corporation – C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 – Service: PrismXL – New Boundary Technologies, Inc. – C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 17030 bytes
March 22nd, 2009 at 2:48 pm
I downloaded a video and shortly thereafter began getting unreasonable security warnings. I have not downloaded anything further, but repeatedly these security warnings take me to a website to purchase maldefender2009 or some other named scanner. How do I get rid of the false security warnings? Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:01 AM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\DOCUME~1\Buffalo\LOCALS~1\Temp\824.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: Yahoo! ¤u¨ã¦C – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 – URLSearchHook: (no name) – – (no file)
R3 – URLSearchHook: ICQToolBar – {855F3B16-6D32-4fe6-8A56-BBB695989046} – C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Skype add-on (mastermind) – {22BF413B-C6D2-4d91-82A9-A0F997BA588C} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: XML module – {500BCA15-57A7-4eaf-8143-8C619470B13D} – C:\WINDOWS\system32\msxml71.dll
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 – BHO: Browser Address Error Redirector – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – c:\windows\system32\BAE.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Yahoo! ¤u¨ã¦C – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: ICQToolBar – {855F3B16-6D32-4fe6-8A56-BBB695989046} – C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 – Toolbar: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 – HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 – HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 – HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 – HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKLM\..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 – HKLM\..\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKCU\..\Run: [Power2GoExpress] NA
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 – HKCU\..\Run: [Cognac] C:\DOCUME~1\Buffalo\LOCALS~1\Temp\824.exe
O4 – Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 – Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\system32\Shdocvw.dll
O9 – Extra button: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files\ICQ6.5\ICQ.exe
O9 – Extra ‘Tools’ menuitem: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files\ICQ6.5\ICQ.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) – http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 – DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) – http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 – DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) – http://www.crucial.com/controls/cpcScanner.cab
O16 – DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) – https://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: GNUnet – Unknown owner – C:\Program Files\GNU\GNUnet\bin\gnunetd.exe
O23 – Service: HP Port Resolver – Hewlett-Packard Company – C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 – Service: ICQ Service – Unknown owner – C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 – Service: Imapi Helper – Alex Feinman – C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: PrismXL – New Boundary Technologies, Inc. – C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 – Service: Viewpoint Manager Service – Viewpoint Corporation – C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10518 bytes
March 22nd, 2009 at 5:21 pm
Hi Orv,
scan these files with our virus scanner service and paste the results here (if infected):
C:\DOCUME~1\Buffalo\LOCALS~1\Temp\824.exe
C:\WINDOWS\system32\msxml71.dll
c:\windows\system32\BAE.dll
March 23rd, 2009 at 12:45 pm
I pasted my HijackThis log, but have not had a reply from you. Please help, my computer is pretty much at a standstill. Thanks! Susan
March 23rd, 2009 at 5:40 pm
Hi Susan, sorry for the delay; send these files to the virus scanner service:
C:\WINDOWS\system32\wcenter.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\WINDOWS\system32\esagvklk.dll
C:\WINDOWS\system32\xxdudf.dll
And paste here the results.
March 23rd, 2009 at 9:13 pm
I’m not sure how to do this.
March 24th, 2009 at 3:29 pm
Hi Susan,
try to do this:
Download, install and update NVT Malware Remover Tool, then scan your computer and remove the infected files found.
Afterwards, paste the HijackThis log again.
March 25th, 2009 at 10:06 pm
Well, I've deleted everything so far, but the folder in Program Files comes back.
As well as wcentre.exe.
What can I do?
My HJT results are below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:07, on 25/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ZTE Mobile Connection\datacard.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://max.gunggo.com/show_ad.aspx?type=1024×768&cid=104/1&sid=91
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 – Toolbar: &Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 – HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 – HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [InstantOn] “C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe” /c
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 – HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [Curb tool help dart] C:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\Bolt Meta.exe
O4 – HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 – HKUS\S-1-5-21-1757981266-117609710-839522115-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘?’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘?’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: CabBuilder – http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{9245D49B-B6FC-4946-8399-2339950E89C3}: NameServer = 4.2.2.4 4.2.2.3
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 – SSODL: HardwareDrivers – {FCAB15B5-B3BD-42D7-91E5-4921D2F873BE} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 – SSODL: DriversLoad – {066DEC6B-047C-47AC-9E9C-8D514561BB6C} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\kgnblaoumq.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: AVG Free8 E-mail Scanner (avg8emc) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 – Service: AVG Free8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Google Updater Service (gusvc) – Unknown owner – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8369 bytes
March 26th, 2009 at 1:56 am
Zach, do this:
1) Kill the process named malwaredef.exe using cmd.exe:
2) Delete these files:
Delete this folder:
3) Delete these registry keys:
4) Restart your PC, use it for about 2 hours and paste the HijackThis log here again.
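As an added example (not code from the thread or from the site): a small Python triage script that reads HijackThis entries like the ones pasted above and flags the lines pointing at the files and folders listed at the top of this page. The Temp-folder heuristic and the sample log are my own additions, constructed from the logs in this thread.

```python
import re

# Indicators copied from the file list at the top of the page and from the
# posted logs; the DLL under Media Index\Drivers carries a random name, so
# that folder is matched as a whole rather than by file name.
KNOWN_FILES = {
    "malwaredef.exe", "reged.exe", "spoolsystem.exe", "sysexplorer.exe",
    "wcenter.exe", "sys.com", "syscert.exe", "vmreg.dll", "svchos.exe",
    "hdddriver.dll", "win.exe",
}
# Short (PROGRA~1) paths will not match these; the file-name check still does.
SUSPICIOUS_DIRS = (
    r"\application data\microsoft\media index",
    r"\program files\malware defender 2009",
)
# Entry lines look like "O4 - HKLM\..\Run: [...] path"; the page renders the
# hyphen as an en dash, so both are accepted.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s*[-\u2013]\s*(.*)$")
# A Windows path ending in an executable or library extension.
PATH_RE = re.compile(r"[a-z]:\\[^\"\u201c\u201d]*?\.(?:exe|dll|com|sys)\b", re.IGNORECASE)
# Added heuristic (not from the thread): a program launched from a Temp folder,
# like the [Cognac] entry the helper asked to have scanned.
TEMP_RE = re.compile(r"\\temp\\[^\\]+\.exe$", re.IGNORECASE)


def classify(entry: str):
    """Return why an HJT entry is suspicious, or None if nothing matched."""
    text = entry.lower()
    for path in PATH_RE.findall(text):
        name = path.rsplit("\\", 1)[-1]
        if name in KNOWN_FILES:
            return f"known Malware Defender 2009 file {name}"
        if any(d in path for d in SUSPICIOUS_DIRS):
            return "loads from a folder used by Malware Defender 2009"
        if TEMP_RE.search(path):
            return "executable started from a Temp folder"
    return None


def triage(log: str):
    """Scan a full HijackThis log and return the flagged entries in order."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reason = classify(m.group(2))
        if reason:
            hits.append({"section": m.group(1), "reason": reason, "line": line})
    return hits


# Constructed sample, built from lines in the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Buffalo\LOCALS~1\Temp\824.exe
O21 - SSODL: HardwareDrivers - {FCAB15B5-B3BD-42D7-91E5-4921D2F873BE} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {066DEC6B-047C-47AC-9E9C-8D514561BB6C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\kgnblaoumq.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['section']:>4}  {hit['reason']}\n      {hit['line']}")
```

Entries that match are the ones to investigate first; everything else in the log (AVG, Bonjour, Java and the like) is left alone, which is the same split the helper made when asking for specific files to be scanned.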