I don't have any symptoms to report. My daughter reported an infection attempt on her laptop, so I thought I'd look at the family desktop. Did the weekly update of the OS and anti-virus and looked at the firewall alert logs. The only unusual behavior is a program being continually blocked by the firewall. I located that file and the anti-virus popped up a warning: "TR/FraudPack.alog Trojan". How about that ... got one. I guess I need help to make sure this puter is clean.
Here are the requested logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:29 AM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
G:\SpyWare\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\BCMSMMSG.exe
G:\SpyWare\Windows Defender\MSASCui.exe
G:\MusicXfr\Creative ZEN\ZEN Media Explorer\CTCheck.exe
G:\SpyWare\ZoneAlarm\zlclient.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Documents and Settings\Owner\Local Settings\Application Data\mhvpcn\acgisftav.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.southernstandard.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "G:\SpyWare\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTCheck] G:\MusicXfr\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\SpyWare\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mwmaplnb] F:\Documents and Settings\Owner\Local Settings\Application Data\mhvpcn\acgisftav.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mwmaplnb] F:\Documents and Settings\Owner\Local Settings\Application Data\mhvpcn\acgisftav.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.aedcfcu.org
O15 - Trusted Zone: kelly.aesoponline.com
O15 - Trusted Zone: *.amiuptodate.com
O15 - Trusted Zone: *.arcot.com
O15 - Trusted Zone: *.ascendfcu.org
O15 - Trusted Zone: *.balfour.com
O15 - Trusted Zone: *.blomand.net
O15 - Trusted Zone: *.buydig.com
O15 - Trusted Zone: *.capitalone.com
O15 - Trusted Zone: *.careerbuilder.com
O15 - Trusted Zone: *.chase.com
O15 - Trusted Zone: *.chegg.com
O15 - Trusted Zone: *.chickasaw.com
O15 - Trusted Zone: *.cmt.com
O15 - Trusted Zone: us.creative.com
O15 - Trusted Zone: http://www.creative.com
O15 - Trusted Zone: *.creative.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: portal-2.diginsite.com
O15 - Trusted Zone: *.discovercard.com
O15 - Trusted Zone: *.fafsa.ed.gov
O15 - Trusted Zone: *.ed.gov
O15 - Trusted Zone: *.irs.gov
O15 - Trusted Zone: *.kellyeducationalstaffing.us
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.magic985.com
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.mcafeehelp.com
O15 - Trusted Zone: *.mesa-robotics.com
O15 - Trusted Zone: *.mesainc.com
O15 - Trusted Zone: *.mscc.edu
O15 - Trusted Zone: *.neonova.net
O15 - Trusted Zone: *.net10.com
O15 - Trusted Zone: *.newegg.com
O15 - Trusted Zone: http://www.paypal.com
O15 - Trusted Zone: *.pcpowercooling.com
O15 - Trusted Zone: *.postini.com
O15 - Trusted Zone: *.principal.com
O15 - Trusted Zone: *.taxact.com
O15 - Trusted Zone: *.ticketmaster.com
O15 - Trusted Zone: *.tnlottery.com
O15 - Trusted Zone: *.tntech.edu
O15 - Trusted Zone: *.tracfone.com
O15 - Trusted Zone: *.verizonwireless.com
O15 - Trusted Zone: *.walmart.com
O15 - Trusted Zone: *.wellsfargo.com
O15 - Trusted Zone: http://*.windowsmedia.com
O15 - Trusted IP range: http://65.83.55.133
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0626050140
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8204526765
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://66.222.23.10/dana-cached/setup/ ... tupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43BA827B-8B38-4A65-9169-7C821B43CB13}: NameServer = 192.168.1.254
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - F:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - F:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - F:\WINDOWS\System32\StkASv2K.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10458 bytes
uninstall_list.txt:
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
a-squared Free 3.0
a-squared HiJackFree 3.1
ATI Display Driver
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
BCM V.92 56K Modem
Belarc Advisor 8.1
Bonjour
Broadcom 440x 10/100 Integrated Controller
Browser Hijack Blaster v1.0
CCleaner
Compatibility Pack for the 2007 Office system
Creative Diagnostics
Creative Software AutoUpdate
Creative System Information
Creative ZEN
Dell ResourceCD
Dimension 4 v5.0
EVEREST Home Edition v2.20
Family Tree Maker
Free DWG Viewer 6.3
Free Video to JPG Converter version 1.5
getPlus(R)
Greeting Card Factory Photo Card Maker
Harry Potter Lumos Screen Saver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Deskjet All-In-One Software 8.0
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP OrderReminder
HP Solution Center 8.0
ImageMixer VCD2
ImgBurn
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Network Connect 6.0.0
LADSPA_plugins-win-0.4.15
LaserJet 1018
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software 1.14.17.1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Tattoo Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribeTemplateLabeler
Macromedia Flash Player
MGTEK dopisp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! for Windows XP
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Paint Shop Pro 5.0
Paragon Drive Backup™ 9 Professional
Picture Package
PowerDVD
QuickTime
QuickTime for Windows (32-bit)
Roxio PhotoSuite 5
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic RecordNow!
Sony USB Driver
Sound Blaster Live!
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPER © Version 2009.bld.36 (June 10, 2009)
Tarzan Activity Center
TaxACT 2009
TaxACT 2009 Alabama
TI-Black Link
TI-Graph Link 85
TI-Graph Link 86
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
USB 2.0 Switch Utility Software
USB2.0 Capture Device
VC 9.0 Runtime
VC 9.0 Runtime
Viewpoint Media Player
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Updates Downloader
Windows XP Service Pack 3
WinZip
ZEN Media Explorer
ZoneAlarm