Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

Need to get rid of Ceres. Popups continue after ad-aware and Spybot searches

Register FAQDonate Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Closed Thread
 
LinkBack Thread Tools
Old 24th January 2005   #1
Inactive
 
Profile:
Join Date: Jan 2005
Posts: 3
Computer Experience:
Beginner
Hobbs70 Reputation Level
Need to get rid of Ceres. Popups continue after ad-aware and Spybot searches
Please assist me as I have provided the log below from HijackThis.

Ceres is driving me nuts!

Thanks in advance,
Jon


Logfile of HijackThis v1.99.0
Scan saved at 8:26:42 PM, on 1/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\JoiExpress\propelac.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
D:\WINNT\mmups.exe
D:\winnt\system32\hzonmy.exe
D:\WINNT\system32\wsxsvc\wsxsvc.exe
D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
D:\winnt\system32\calc.exe
D:\WINNT\system32\prutlct.exe
D:\WINNT\system32\prutlct.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
D:\Documents and Settings\Austin Stakes\Desktop\HijackThis\hijackthis\HijackThis.ex e

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.MyJoi.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.MyJoi.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.se1.attbb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - D:\WINNT\Ceres.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - D:\Program Files\JoiExpress\prpl_IePopupBlocker.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Propel Accelerator] D:\Program Files\JoiExpress\propelac.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [tgtqnkp] D:\WINNT\tgtqnkp.exe
O4 - HKLM\..\Run: [mediamotor.exe] D:\WINNT\mmups.exe
O4 - HKLM\..\Run: [loads.exe] D:\WINNT\suploads.exe
O4 - HKLM\..\Run: [hzonmy] d:\winnt\system32\hzonmy.exe
O4 - HKLM\..\Run: [Dvx] D:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [prutlct] D:\WINNT\system32\prutlct.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Allow pop-ups from this site - D:\Program Files\JoiExpress\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - D:\Program Files\JoiExpress\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - D:\Program Files\JoiExpress\pac-image.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/gam...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/gam...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/gam...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/gam...nts/y/st2_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/s...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/s...,18/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hobbs70 is offline  
Didn't find the information you thought to find?
Check out these Similar Threads
Old 25th January 2005   #2
WindowsBBS Team Member
 
markp62's Avatar
 
Profile:
Join Date: May 2002
Location: Coppell, TX
Posts: 3,871
Computer Experience:
Experimediate
markp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Level
You have GAIN among other things, a very old malware, makes me wonder if you used Spybot or Ad-Aware, or the startup entry is just an orphan.

Uninstall the MyWay and reboot.
Uninstall WinTools if there and reboot.
You could uninstall Viewpoint Manager, you got it when you installed AIM, your choice.
Uninstall WildTangent.

Remove these items in HJT.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - D:\WINNT\Ceres.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [tgtqnkp] D:\WINNT\tgtqnkp.exe
O4 - HKLM\..\Run: [mediamotor.exe] D:\WINNT\mmups.exe
O4 - HKLM\..\Run: [loads.exe] D:\WINNT\suploads.exe
O4 - HKLM\..\Run: [Dvx] D:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [prutlct] D:\WINNT\system32\prutlct.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot and delete these folders and files.

D:\Program Files\Common Files\GMT
D:\Program Files\MyWay
D:\Program Files\E2G
D:\Program Files\Common Files\WinTools
D:\WINNT\system32\Wsxsvc
D:\Program Files\WildTangent

D:\WINNT\Ceres.dll
D:\WINNT\tgtqnkp.exe
D:\WINNT\mmups.exe
D:\WINNT\suploads.exe
D:\WINNT\system32\prutlct.exe
markp62 is offline  
Old 25th January 2005   #3
Inactive
 
Profile:
Join Date: Jan 2005
Posts: 3
Computer Experience:
Beginner
Hobbs70 Reputation Level
Question So far so good... I think. How do I look now?
Thank you my friend for your response and your time. I'd like to show you now what it looks like. I will miss Gator as it helped me remember passwords and logins for sites but it is gone. I could not delete CERES as it said it was in use by Windows.
Anyway, let me know what you think I need to do now. I want to be rid of this junk once and for all!

Cheers,
Jon
===================================

Logfile of HijackThis v1.99.0
Scan saved at 12:06:52 AM, on 1/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\winnt\system32\hzonmy.exe
D:\WINNT\system32\prutlct.exe
D:\winnt\system32\packager.exe
D:\WINNT\system32\prutlct.exe
D:\Documents and Settings\Austin Stakes\Desktop\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.MyJoi.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.MyJoi.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - D:\WINNT\Ceres.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - D:\Program Files\JoiExpress\prpl_IePopupBlocker.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Propel Accelerator] D:\Program Files\JoiExpress\propelac.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [hzonmy] d:\winnt\system32\hzonmy.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [prutlct] D:\WINNT\system32\prutlct.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...7/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...18/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hobbs70 is offline  
Old 25th January 2005   #4
Inactive
 
Profile:
Join Date: Jan 2005
Posts: 2
Computer Experience:
Intermediate
Loncaraf Reputation Level
Kaz2604 Ceres
I just removed this program from my computer and think it is totally gone. This is what I did:

1- I did a search and found the file on my computer
2- I clicked on properties to see who made the program (abetterinternet.com)
3- I went to their site hxxp://www.abetterinternet.com/ceres/ and read the instructions on how to remove it
4- They redirected me to www.MyPCTuneup.com
5- I ran that program and rebooted and Ceres is gone (I hope-- It hasn't popped-up and is not coming up on a search so let's cross our fingers!)

Try it!

Edited: Those websites are not safe to visit !!(lonny)
Loncaraf is offline  
Old 26th January 2005   #5
Inactive
 
Profile:
Join Date: Jan 2005
Posts: 3
Computer Experience:
Beginner
Hobbs70 Reputation Level
Which site isn't safe you referenced two?
I don't understand. Should I go there or not and which isn't safe?

I'm still getting the Cres popups!

I'll send the person who helps me remove it a gift! How is a mini beer cooler?
Hobbs70 is offline  
Old 27th January 2005   #6
WindowsBBS Team Member
 
markp62's Avatar
 
Profile:
Join Date: May 2002
Location: Coppell, TX
Posts: 3,871
Computer Experience:
Experimediate
markp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Levelmarkp62 Reputation Level
No, do not go to those places. It is like letting the fox guard the henhouse.
Go here for a step by step.
http://www.trendmicro.com/vinfo/gray...DW_TRANSPOND.A
Or you can do this to rip it out.
Disable System Restore and reboot.
Go to Start\Run, type in CMD and press Enter. Use this command in the dos window.
regsvr32 /u ceres.dll
Install MoveOnBoot. When done, right click on the file and select to Move on Next Boot. Then reboot and the file will be deleted.
Please post a new HJT log after all this.
markp62 is offline  



Closed Thread

« Spyware Problems | My computer is slow, and writes italic. Hijack log. »
Thread Tools



All times are GMT +1. The time now is 07:52.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32