Trying to get rid of CERES

Posted 2/7/2005 10:56 PM
#9321

shwimdig Member

Date Joined Nov 2016
Total Posts: 1
Here is my Hijack this log. Any guidance on what to do from here would be greatly appreciated. Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 5:31:35 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spxjuak.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ERICCH~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.keduswengemzwhebkfgqdeuyo.net/IhrIu__YHth5UWdwE2RX5Ll4o7s0qn9NfyCocYtkTxZKzzY0qOPO53bDX9wy6ggd.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.iwon.com/index.jsp?PG=home&SEC=bnav
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [yfyfjdxlbcajh] C:\WINDOWS\System32\spxjuak.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12935db6f95cc9653e15/netzip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Posted 2/8/2005 12:30 AM
#9330

Emilio (SVK) Advanced member

Date Joined Nov 2016
Total Posts: 1162
Hi...

Download Reg Cleaner
http://www.downseek.com/download/21692.asp

Download Mwav
http://www.spywareinfo.dk/download/mwav.exe

Download SpySweeper
http://www.webroot.com/downloads/

Download Ad-Aware SE
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

Download ScanSpyware
http://www.scanspyware.net/download.htm

-------------GO OFFLINE-------------
Check these entries in Hijackthis:
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [yfyfjdxlbcajh] C:\WINDOWS\System32\spxjuak.exe
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12935db6f95cc9653e15/netzip/RdxIE601.cab
FIX CHECKED....

Safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

reboot...safe mode...delete:

Show hidden files:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=62

C:\WINDOWS\System32\r?gedit.exe
C:\WINDOWS\System32\spxjuak.exe
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
C:\WINDOWS\Ceres.dll

run scan with Mwav (all scan options)
run scan with Ad-AwareSE (full system scan)
run scan with SpySweeper
run scan with ScanSpyware
run scan with RegCleaner (tools---cleanup---do them all)

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp.)
C:\Windows\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <<<This will delete your files in your internet cache--including cookies.
C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
Empty your "Recycle Bin"

There are usually a couple of files that you will not be able to delete..this is normal.

Enable system restore...reboot......
Emilio[sup]29[/sup]
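
Added example (not part of either post, and not HijackThis's own logic): a small Python parser for the O2, O4 and O16 entry layouts seen in the log above. It flags two things that can be read straight off the log text, the "(file missing)" annotation and a "?" inside a file path. The sample lines are copied from the posted log; the function and flag names are made up for this example.

```python
import re

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tzvmxm] C:\WINDOWS\System32\r?gedit.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://www.sidestep.com/get/k42037/sb028.cab
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERNS = {  # body layout per section code, as seen in the posted log
    "O2": re.compile(rf"BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.+)"),
    "O4": re.compile(r"(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)"),
    "O16": re.compile(rf"DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*?)\))? - (?P<target>.+)"),
}
MISSING = " (file missing)"

def parse_entry(line):
    """Return a dict for one 'Xn - ...' entry, or None for any other line."""
    code, sep, body = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[A-Z]\d{1,2}", code):
        return None                     # header, process list or blank line
    rec = {"code": code, "body": body, "target": None, "flags": []}
    m = PATTERNS[code].fullmatch(body) if code in PATTERNS else None
    if m is None:
        return rec                      # layout not modelled here; keep raw body
    rec.update(m.groupdict())
    if rec["target"].endswith(MISSING):
        rec["target"] = rec["target"][: -len(MISSING)]
        rec["flags"].append("file-missing")
    is_url = rec["target"].lower().startswith(("http://", "https://"))
    # '?' is not a legal file-name character on Windows, so in a path it marks
    # a character the log could not render.
    if not is_url and "?" in rec["target"]:
        rec["flags"].append("unrenderable-char")
    return rec

def flagged(log_text):
    """(code, name, target, flags) for every entry that raised a flag."""
    recs = filter(None, map(parse_entry, log_text.splitlines()))
    return [(r["code"], r["name"], r["target"], r["flags"]) for r in recs if r["flags"]]

if __name__ == "__main__":
    for row in flagged(SAMPLE_LOG):
        print(row)
```

An entry with no flag is not thereby shown to be clean; the two checks only surface what the log text itself reveals.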
