bi.log | ClrSchIEPlugin.log | ss.log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sinsation

Thread Starter
Joined
Sep 15, 2003
Messages
323
I found these in c:\ just now, not sure if they're from a previous time when I removed that win32bi stuff or what they are. Should I rescan with spyware s&d and adaware just to be sure before deleting them?

bi.log
Environment\CEnvironment: Temp = 'C:\windows\TEMP'
Environment\CEnvironment: Tmp = 'c:\windows\TEMP'
Environment\CEnvironment: WinDir = 'C:\WINDOWS'
Environment\CEnvironment: SystemRoot = 'C:\WINDOWS'
Environment\CEnvironment: SystemDrive = 'C:'
Environment\CEnvironment: ProgramFiles = '\Program Files'
Environment\CEnvironment: ComputerName = '-- undefined --'
Environment\CEnvironment: OperatingSystem = '-- undefined --'
Environment\CEnvironment: HomePath = '-- undefined --'

BI\main: BI module starting ...
Registry\Read_DWORD_Value: Error reading key 'SOFTWARE\ClrSch\bi': The system cannot find the file specified.

BI\main: Promo code for this installation is 14.
Internet\Connection_Available: Unknown connection type.
BI\Wait_For_Online: Connected! ... exiting.
BI\main: Opening BI status query URL 'http://sds.clrsch.com/bi?promo=14'.
Internet\Get_Page: Error 12007 opening URL 'http://sds.clrsch.com/bi?promo=14'.
BI\main: Error 12007 opening installation status URL.
BI\main: Completed.

ClrSchIEplugin.log
Environment\CEnvironment: Temp = 'C:\windows\TEMP'
Environment\CEnvironment: Tmp = 'c:\windows\TEMP'
Environment\CEnvironment: WinDir = 'C:\WINDOWS'
Environment\CEnvironment: SystemRoot = 'C:\WINDOWS'
Environment\CEnvironment: SystemDrive = 'C:'
Environment\CEnvironment: ProgramFiles = '\Program Files'
Environment\CEnvironment: ComputerName = '-- undefined --'
Environment\CEnvironment: OperatingSystem = '-- undefined --'
Environment\CEnvironment: HomePath = '-- undefined --'

ClrSchIEplugin\Remove_Old_Versions: Removing old versions of the plug-in.
Registry\Delete_Value: Error opening path 'BHO.clsUrlSearch\Clsid' for key deletion: The system cannot find the file specified.

Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0740576F-730B-11D6-8A8B-0050BA8452C0}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6B67CDC-81F8-11D6-8A8C-0050BA8452C0}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA76C2D7-15A9-4E80-A942-191F02BDCA91}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{730F2451-A3FE-4A72-938C-FC8A74F15978}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}' not found.
Registry\Unregister_DLL: Error loading DLL 'C:\WinIe\bho.dll'.
Registry\Unregister_DLL: Error loading DLL 'C:\Progra~1\Intern~1\bho.dll'.
Registry\Unregister_DLL: Error loading DLL 'C:\WINDOWS\system32\bho.dll'.
Registry\Unregister_DLL: Error loading DLL 'C:\WINDOWS\system\bho.dll'.
Registry\Unregister_DLL: Error loading DLL 'C:\WINDOWS\system32\rsp.dll'.
Registry\Unregister_DLL: Error loading DLL 'C:\WINDOWS\system\rsp.dll'.
Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinStart.exe' NOT deleted: The system cannot find the file specified.

Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinStart001.exe' NOT deleted: The system cannot find the file specified.

Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45C53868-BEFE-4C7E-BABF-A78B21445C01}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}' not found.
Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BabeIE' NOT deleted: The system cannot find the file specified.

Registry\Key_Exists: Registry key 'SOFTWARE\New.net' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCF0185A-C4B3-43EB-8E96-CD1392ABE92E}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08E1C8E1-E565-44fc-A766-C9539BB3ABB7}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6250FB8-2206-499E-A7AA-E1EC437E71C0}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2662BDD7-05D6-408F-B241-FF98FACE6054}' not found.
Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XupiterCfgLoader' NOT deleted: The system cannot find the file specified.

Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XupiterStartup' NOT deleted: The system cannot find the file specified.

Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XupiterToolbarUninstaller' NOT deleted: The system cannot find the file specified.

Registry\Write_Value: Registry Key 'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}' new value is ''.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E3D9BB01-877C-11d6-9408-00409530574B}' not found.
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{CFCDA454-78A0-404A-90E9-AD589DA7E059}' not found.
Util\Remove_File: File 'C:\WINDOWS\Start Menu\MODULEs\Startup\Netword Agent.lnk' NOT removed: not found.
ClrSchIEplugin\Remove_Startup_Apps: Error changing the working directory to 'C:\WINDOWS\Profiles\'.
ClrSchIEplugin\Remove_Old_Versions: Completed.

ClrSchIEplugin\Repair_Hosts_File: Modifying HOSTS file 'C:\WINDOWS\hosts'.
ClrSchIEplugin\Repair_Hosts_File: HOSTS file 'C:\WINDOWS\hosts' NOT found, nothing to do.
ClrSchIEplugin\Repair_Hosts_File: completed.

Util\Create_File: Create_File: successfully wrote 47451 bytes to 'IE_ClrSch.DL_'.
Util\Decompress_File: Decompress_File: opened source (compressed) file 'IE_ClrSch.DL_' for reading.
Util\Decompress_File: Decompress_File: opened destination (decompressed) file 'IE_ClrSch.DLL.dat' for writing.
Util\Decompress_File: Decompress_File: successfully decompressed file 'IE_ClrSch.DL_' into 'IE_ClrSch.DLL.dat'.
Util\Decompress_File: Decompressed file size is 78336 bytes.
Util\Copy_File: File 'IE_ClrSch.DLL.dat' copied to 'IE_ClrSch.DLL'.
Util\Decompress_File: Successfully copied file 'IE_ClrSch.DLL.dat' to 'IE_ClrSch.DLL'.
Util\Decompress_File: Succesfully remove temporary DAT file 'IE_ClrSch.DLL.dat'.
ClrSchIEplugin\Install_ClrSchIEplugin: Installing version 18 of '\Program Files\ClearSearch\IE_ClrSch.DLL'.
Util\Copy_File: File 'IE_ClrSch.DLL' copied to '\Program Files\ClearSearch\IE_ClrSch.DLL'.
Registry\Create_Key: Registry path 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}' created.
Registry\Write_Value: Registry Key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}\' new value is 'Clear Search'.
Util\Remove_File: File 'IE_ClrSch.DL_' removed.
Util\Remove_File: File 'IE_ClrSch.DLL' removed.
ClrSchIEplugin\Install_ClrSchIEplugin: Completed.

ss.log
Environment\CEnvironment: Temp = 'C:\windows\TEMP'
Environment\CEnvironment: Tmp = 'c:\windows\TEMP'
Environment\CEnvironment: WinDir = 'C:\WINDOWS'
Environment\CEnvironment: SystemRoot = 'C:\WINDOWS'
Environment\CEnvironment: SystemDrive = 'C:'
Environment\CEnvironment: ProgramFiles = '\Program Files'
Environment\CEnvironment: ComputerName = '-- undefined --'
Environment\CEnvironment: OperatingSystem = '-- undefined --'
Environment\CEnvironment: HomePath = '-- undefined --'

SS\main: SS module starting ...
Util\Remove_File: File '\Program Files\ClearSearch\Lycos2.dll' NOT removed: not found.
Registry\Read_DWORD_Value: Error reading key 'SOFTWARE\ClrSch\ss': The system cannot find the file specified.

SS\main: Promo code for this installation is 14.
Internet\Connection_Available: Unknown connection type.
SS\Wait_For_Online: Connected! ... exiting.
SS\main: Opening SS status query URL 'http://sds.clrsch.com/ss?promo=14'.
Internet\Get_Page: Error 12007 opening URL 'http://sds.clrsch.com/ss?promo=14'.
SS\main: Error 12007 opening installation status URL.
SS\main: Completed.

And finally my HJT log:

Logfile of HijackThis v1.97.2
Scan saved at 12:05:29 PM, on 9/20/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\KMAESTRO\KMAESTRO.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\MY DOCUMENTS\SECURITY\ZONEALARM\ZONEALARM.EXE
C:\EFDTOP\DTLOADER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\DESKTOP\DICONS\DICONS.EXE
C:\MY DOCUMENTS\SECURITY\SPYWAREGUARD\SGMAIN.EXE
C:\EFDTOP\WINXSERVER.EXE
C:\MY DOCUMENTS\SECURITY\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMS\AIM\AIM.EXE
C:\MY DOCUMENTS\SECURITY\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0409&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0409&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0409&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Exploiter (I set this myself so it's not something bad.)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\MY DOCUMENTS\SECURITY\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ProDsl] C:\WINDOWS\ProDsl.exe /P
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [KeyMaestro] C:\KMAESTRO\KMaestro.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe -I
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: EDLoader.lnk = C:\EfDtop\DTLoader.exe
O4 - Startup: Shortcut to Dicons.exe.lnk = C:\My Documents\Desktop\Dicons\Dicons.exe
O4 - Startup: SpywareGuard.lnk = C:\My Documents\Security\Spywareguard\sgmain.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\My Documents\Security\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37872.7609837963
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 
Joined
Oct 9, 2001
Messages
9,396
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
It's what's left of a LOP hijacking.

The logs can do no harm, but I would delete them anyway.

;)
 
Joined
Oct 9, 2001
Messages
9,396
I was posting the link for you to see for yourself and then read your last post.
If it's your ISP, it's fine.
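
A triage sketch for the installer log format quoted in this thread, added here as an example (it is not code from any poster or from the software that wrote the logs): it separates lines that record a change (registry keys written, files left on disk, URLs opened) from lines that only report something as not found. The function name `triage` and the report keys are assumptions of this example; the sample lines are copied from the ClrSchIEplugin.log and bi.log text above.

```python
import re

# Excerpt copied from the ClrSchIEplugin.log and bi.log text quoted in the thread.
SAMPLE_LOG = r"""
Registry\Key_Exists: Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0740576F-730B-11D6-8A8B-0050BA8452C0}' not found.
Registry\Delete_Value: Registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BabeIE' NOT deleted: The system cannot find the file specified.
Registry\Write_Value: Registry Key 'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}' new value is ''.
Util\Copy_File: File 'IE_ClrSch.DLL.dat' copied to 'IE_ClrSch.DLL'.
Util\Copy_File: File 'IE_ClrSch.DLL' copied to '\Program Files\ClearSearch\IE_ClrSch.DLL'.
Registry\Create_Key: Registry path 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}' created.
Registry\Write_Value: Registry Key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}\' new value is 'Clear Search'.
Util\Remove_File: File 'IE_ClrSch.DLL' removed.
BI\main: Opening BI status query URL 'http://sds.clrsch.com/bi?promo=14'.
Internet\Get_Page: Error 12007 opening URL 'http://sds.clrsch.com/bi?promo=14'.
"""

LINE = re.compile(r"^(\w+)\\(\w+): (.*)$")   # Module\Function: message
QUOTED = re.compile(r"'([^']*)'")            # every single-quoted argument

def triage(log_text):
    """Sort log lines into registry writes, files left behind, URLs, and no-change lines."""
    report = {"registry_written": [], "files_left": [], "urls": [], "no_change_lines": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _module, func, msg = m.groups()
        quoted = QUOTED.findall(msg)
        if (func == "Create_Key" and msg.endswith("created.")) or \
           (func == "Write_Value" and "new value is" in msg):
            key = quoted[0].rstrip("\\")          # same key with or without trailing '\'
            if key not in report["registry_written"]:
                report["registry_written"].append(key)
        elif func == "Copy_File" and "copied to" in msg:
            report["files_left"].append(quoted[1])  # destination path
        elif func == "Remove_File" and msg.endswith("' removed."):
            if quoted[0] in report["files_left"]:   # installer cleaned up its own temp copy
                report["files_left"].remove(quoted[0])
        elif "URL" in msg and quoted and quoted[0].startswith("http"):
            if quoted[0] not in report["urls"]:
                report["urls"].append(quoted[0])
        else:
            report["no_change_lines"] += 1          # probes, failed deletes, status messages
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Run over the full ClrSchIEplugin.log above, the same logic reports the `\Program Files\ClearSearch\IE_ClrSch.DLL` path and the `{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}` Browser Helper Objects key among the items to check for. The O2 section of the HijackThis log in the first post lists only the SpywareGuard BHO.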
 