Trying to get rid of CERES
   

shwimdig
New Member


Date Joined Feb 2005
Total Posts : 1
 
Posted 2/8/2005 1:56 AM (GMT +3)
Here is my Hijack this log. Any guidance on what to do from here would be greatly appreciated. Thanks.
 
Logfile of HijackThis v1.99.0
Scan saved at 5:31:35 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spxjuak.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ERICCH~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.keduswengemzwhebkfgqdeuyo.net/IhrIu__YHth5UWdwE2RX5Ll4o7s0qn9NfyCocYtkTxZKzzY0qOPO53bDX9wy6ggd.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.iwon.com/index.jsp?PG=home&SEC=bnav
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [yfyfjdxlbcajh] C:\WINDOWS\System32\spxjuak.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12935db6f95cc9653e15/netzip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 
 
 

Emilio (SVK)
Gold Member




Date Joined Jan 2005
Total Posts : 1876
 
Posted 2/8/2005 3:30 AM (GMT +3)
Hi...

Download Reg Cleaner
http://www.downseek.com/download/21692.asp

Download Mwav
http://www.spywareinfo.dk/download/mwav.exe

Download SpySweeper
http://www.webroot.com/downloads/

Download Ad-Aware SE
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

Download ScanSpyware
http://www.scanspyware.net/download.htm

-------------GO OFFLINE-------------
Check these entries in Hijackthis:
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yfyfjdxlbcajh] C:\WINDOWS\System32\spxjuak.exe
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12935db6f95cc9653e15/netzip/RdxIE601.cab
FIX CHECKED....

Safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

reboot...safe mode...delete:

Show hidden files:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=62

C:\WINDOWS\System32\r?gedit.exe
C:\WINDOWS\System32\spxjuak.exe
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
C:\WINDOWS\Ceres.dll

run scan with Mwav(all scan options)
run scan with Ad-AwareSE (full system scan)
run scan with SpySweeper
run scan with ScanSpyware
run scan with RegCleaner (tools---cleanup---do them all)

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp).
C:\Windows\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <<<This will delete your files in your internet cache--including cookies.
C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
Empty your "Recycle Bin"

There are usually a couple of files that you will not be able to delete..this is normal.

Enable system restore...reboot......


Emilio24
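
The following is an added example, not part of either post and not HijackThis's own logic: a small Python triage pass over O2 (BHO) and O4 (Run) lines copied from the log above. The function names and the four heuristics (missing target file, a `?` in the file name, a BHO DLL sitting directly in `C:\WINDOWS`, an autostart target directly in `System32`) are assumptions chosen for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# A subset of the entries from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yfyfjdxlbcajh] C:\WINDOWS\System32\spxjuak.exe
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
""".strip().splitlines()

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.+)$")
RUN = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")

def target_path(rest):
    """Pull the file path out of the tail of an entry (quoted or bare)."""
    rest = rest.replace(" (file missing)", "")
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    m = re.match(r".*?\.(?:exe|dll|ocx)\b", rest, re.I)
    return m.group(0) if m else rest

def triage(lines):
    """Return {entry name: [reasons]}. Heuristics are illustrative assumptions."""
    findings = {}
    for line in lines:
        m = BHO.match(line) or RUN.match(line)
        if not m:
            continue  # other sections (R0/R1, O3, O8, O9, O16, O23) are not covered
        path = target_path(m["rest"])
        folder = dirname(path).lower()
        reasons = []
        if line.endswith("(file missing)"):
            reasons.append("target file missing")
        if "?" in basename(path):
            reasons.append("unrenderable character in file name")
        if line.startswith("O2") and folder == r"c:\windows":
            reasons.append("BHO DLL loose in the Windows directory")
        if line.startswith("O4") and folder == r"c:\windows\system32":
            reasons.append("autostart target in System32")
        if reasons:
            findings[m["name"]] = reasons
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The helper's list also includes entries these checks do not flag, such as QuickTime Task, so the output is a starting point for review rather than a replacement for it.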
