Trojan And Downloader


1 reply to this topic

#1 Jay07


Posted 04 December 2007 - 09:31 AM

Some silly infection takes hold of my system, with fake virus alerts redirecting me to pay-sites like pcsecuresystems.com and savanaweb.com.


So, I have done everything in the "preparation guide".
This is what happened:
Adaware found a trojan, naming was pretty vague.
When asked to repair, AW said it was unable to repair all - urging to rescan.
Rescan did not result in alerts.
Trendmicro Housecall reported a log (see below)
S&D reported some http downloaders
Did all the rest like in the preparation guide on this site.
But somehow the damn thing keeps coming up.
This is the third time and I am turning to your 'knowledgables' to tell me whether I will be safe now.

This is the HiJackThis.log of the third run of all steps as described in the "preparation guide" on this site.
(below is the Housecall.log - copy&paste this in your searchbox "" (without the " "))

housecall6.6\Pattern\lpt$vpn.859) done.
Inf Dec 03 11:05:27 P[572] T[2028] Call PatchAgent EndItem with: TRUE, 0x7687c.0, 0x76a0c.0
Inf Dec 03 11:05:27 P[572] T[2028] Call PatchAgent EndAction with: void
Inf Dec 03 11:05:27 P[572] T[2028] mergeBackupIni: no need to backup.
Inf Dec 03 11:05:27 P[572] T[2028] Start Parsing the original backup ini(C:\Documents and Settings\
Administrator\.housecall6.6\Pattern\AU_Backup\AuBackup.ini).
Err Dec 03 11:05:27 P[572] T[2028] phaseIniForBackup: fetch item count failed.
Inf Dec 03 11:05:27 P[572] T[2028] phaseIniForBackup: error quit.
Inf Dec 03 11:05:27 P[572] T[2028] mergeBackupIni: no backup done.
Inf Dec 03 11:05:27 P[572] T[2028] Writing result file (C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1052\AuResult.ini), status = 0
Inf Dec 03 11:05:27 P[572] T[2028] AuPatch end.
Inf Dec 03 11:05:27 P[392] T[1052] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1052]
Inf Dec 03 11:05:28 P[392] T[1052] UpdateManager endwith 0 (0): Success
Inf Dec 03 11:05:28 P[392] T[1052] End TmuUpdateEx()
------------------------------
Inf Dec 03 11:05:28 P[392] T[1052] release context for thread: 1052
------------------------------
Inf Dec 03 13:42:10 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:10 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:10 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:10 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:10 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:10 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:10 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:11 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:11 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:11 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:11 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:11 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:11 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:11 P[392] T[1444] Start Download...
Inf Dec 03 13:42:11 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:11 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:11 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:11 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[2][4][0][0], newest version[8.5.
1002], url[http://housecall65.trendmicro.com/housecall/activeupdate/engine/
engv85_nt386.zip]
Inf Dec 03 13:42:11 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:11 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:11 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:11 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:11 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:11 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:11 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:11 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:11 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:11 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:11 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:11 P[392] T[1444] Start Download...
Inf Dec 03 13:42:11 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:11 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:11 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:11 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[3][4][0][0], newest version[485900],
url[http://housecall65.trendmicro.com/housecall/activeupdate/pattern/
vsapi859.zip]
Inf Dec 03 13:42:11 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:11 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:11 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:11 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:11 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:11 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:11 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:11 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:11 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:11 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:11 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:12 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:12 P[392] T[1444] Start Download...
Inf Dec 03 13:42:12 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:12 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:12 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:12 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[3][1024][0][0], newest version[
55700], url[http://housecall65.trendmicro.com/housecall/activeupdate/
pattern/tmaptn.zip]
Inf Dec 03 13:42:12 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:12 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:12 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:12 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:12 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:12 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:12 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:12 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:12 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:12 P[392] T[1444] Start Download...
Inf Dec 03 13:42:12 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:12 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:12 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:12 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[2][268435712][0][0], newest version[
5.3.1103], url[http://housecall65.trendmicro.com/housecall/activeupdate/
engine/dcespy53_x32.zip]
Inf Dec 03 13:42:12 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:12 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:12 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:12 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:12 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:12 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:12 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:12 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:12 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:12 P[392] T[1444] Start Download...
Inf Dec 03 13:42:12 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:12 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:12 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:12 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[2][553648129][0][0], newest version[
5.0.1060], url[http://housecall65.trendmicro.com/housecall/activeupdate/
engine/ssapi32_v5/ssapi32.zip]
Inf Dec 03 13:42:12 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:12 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:12 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:12 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:12 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:13 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:13 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:13 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:13 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:13 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:13 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:13 P[392] T[1444] Start Download...
Inf Dec 03 13:42:13 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:13 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:13 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:13 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[3][2048][0][0], newest version[916],
url[http://housecall65.trendmicro.com/housecall/activeupdate/pattern/tscptn.
zip]
Inf Dec 03 13:42:13 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:13 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:13 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:13 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:13 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:13 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:13 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:13 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:13 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:13 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:13 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:13 P[392] T[1444] Start Download...
Inf Dec 03 13:42:13 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:13 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:13 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:13 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[3][536875008][0][0], newest version[
577], url[http://housecall65.trendmicro.com/housecall/activeupdate/pattern/
ssapiptn.zip]
Inf Dec 03 13:42:13 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:13 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:13 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] release context for thread: 1444
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] new context for thread: 1444
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[ResumeDownload] value[1]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[CachePath] value[C:\Documents and Settings\Administrator\.
housecall6.6\Update]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Set key[RetryCount] value[3]
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] Start TmuGetUpdateInfo()
Inf Dec 03 13:42:13 P[392] T[1444] Creating Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:13 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
ini_xml.zip] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\ini_xml.zip]...
Err Dec 03 13:42:13 P[392] T[1444] HttpConnection: Client Error: HTTP 404 Not Found
Err Dec 03 13:42:13 P[392] T[1444] TmDownloader: Connection fail when try to open resource
Err Dec 03 13:42:13 P[392] T[1444] Downloader returns: 4
Inf Dec 03 13:42:13 P[392] T[1444] Download ini_xml.zip fail, try plain file.
Inf Dec 03 13:42:13 P[392] T[1444] Downloading [http://housecall65.trendmicro.com/housecall/activeupdate/
server.ini] to [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444\server.ini]...
Inf Dec 03 13:42:13 P[392] T[1444] HttpConnection: Connect to source success
Inf Dec 03 13:42:13 P[392] T[1444] Start Download...
Inf Dec 03 13:42:13 P[392] T[1444] Successfully wrote [12646]B to disk.
Inf Dec 03 13:42:13 P[392] T[1444] TmDownloader: Download Success
Inf Dec 03 13:42:13 P[392] T[1444] Serverini Analyzer Init: C:\Documents and Settings\Administrator\.
housecall6.6\AU_Temp\392_1444\server.ini
Inf Dec 03 13:42:13 P[392] T[1444] Callback with Tmu_GET_UPDATE_INFO: item[3][524288][0][0], newest version[80],
url[http://housecall65.trendmicro.com/housecall/activeupdate/pattern/
tmvamain.zip]
Inf Dec 03 13:42:13 P[392] T[1444] Cleanning Temp dir [C:\Documents and Settings\Administrator\.housecall6.6\
AU_Temp\392_1444]
Inf Dec 03 13:42:13 P[392] T[1444] UpdateManager endwith 0 (0): Success
Inf Dec 03 13:42:13 P[392] T[1444] End TmuGetUpdateInfo()
------------------------------
Inf Dec 03 13:42:13 P[392] T[1444] release context for thread: 1444















This is the housecall.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:21, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The jokwmp - {6BA27973-068D-4F85-BE84-1251E0B20FD3} - C:\WINDOWS\jokwmp.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\Administrator\Application Data\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?814a65b3ebd148b2bcbe310629192d66
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?814a65b3ebd148b2bcbe310629192d66
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200601...meInstaller.exe
O21 - SSODL: rmvgor - {7E0CE8B8-7A0D-41F4-A714-354F6C1BA790} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: sapnet - {9A0C4032-7E6C-4BE0-9F7C-7766DF4ABE3F} - C:\WINDOWS\sapnet.dll
O23 - Service: McAfee Application Installer Cleanup (0281871196445590) (0281871196445590mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028187~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9270 bytes



#2 waterfalls


Posted 04 December 2007 - 10:11 AM

Hi -

I see that you are running Spybot Search and Destroy's TeaTimer. You will have to disable TeaTimer because it will interfere with the tools that we will be using.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

To disable TeaTimer:
1. Open Spybot-S&D
2. Go to the Mode menu, and make sure "Advanced Mode" is selected
3. On the left hand side, choose Tools -> Resident
4. Uncheck "Resident TeaTimer" and OK any prompts
5. Restart your computer.

Download SmitfraudFix by S!ri and save it to your desktop.
- Double-click onto SmitFraudFix.exe and a folder named SmitfraudFix will be created on your Desktop.
- Double-click smitfraudfix.exe
- Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt on the root of your drive, e.g.: Local Disk C: or partition where your operating system is installed. You will be requested to post this log in your next reply along with any other requested logs.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

IMPORTANT: Do NOT run any other options until you are asked to do so!

Please post back with rapport.txt and a new HijackThis log.
Take only memories, leave nothing but footprints.




