Had Ceres Pop-up

Roastback · Apr 19, 2005

Hi,
I had the Ceres Pop-up and have done some things since. Installed winpatrol, CleanUp!, Ran adaware SE w/ vx2 Cleaner, ran sbybot S&D, and install SpywareBlaster. Here's my log HJT log....

Let me know if you think I should do anything else. Thanks!

Edit by chaslang: Unrequested, inline log removed

chaslang · Apr 19, 2005

Please follow forum guidelines and read and follow the steps in the sticky threads. You must not post HijackThis logs unless reuqested to. And then they must be posted as attachments.

Do you have any current malware problems! If so, run the steps below. If not, what is the purpose of posting your HJT log.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

Roastback · Apr 19, 2005

OK, Thanks. sorry about not doing the correct rules. I'm a newbie. Ok, I sent my log file as an attachment.

Please let me know how it looks.

Thanks!

chaslang · Apr 19, 2005

Do you know what this EMS Desktop 2000.exe program is?
O4 - Global Startup: EMS Desktop 2000.lnk = C:\EMS2001.5\EMS Desktop 2000.exe

Why do you have this webconference.com in your Trusted Zone?
O15 - Trusted Zone: https://*.webconference.com

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\frennk.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} -

After clicking Fix, exit HJT.
Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Roastback · Apr 19, 2005

The EMS Desktop program is a Paramedic Problem that I support. You don't need to worry about that. I know what it is.

Does webconference need to be a trusted zone to work? It's so I can control some of my user's computers from home.

When I run HJT and to fix the selected do you want me in Safemode? Becuase the last line says to reboot in normal mode.

Thanks for your help!

chaslang · Apr 19, 2005

Roastback said:

Does webconference need to be a trusted zone to work? It's so I can control some of my user's computers from home.
Click to expand...

Is it really necessary to be in the Trusted Zone for you to get access.

Roastback said:

When I run HJT and to fix the selected do you want me in Safemode? Becuase the last line says to reboot in normal mode.
Click to expand...

No! I just wanted you to reboot after fixing the problem! But it would not matter if you fixed them in safe mode.

Log in or Sign up

Had Ceres Pop-up

Roastback Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Roastback Private E-2

Attached Files:

hijackthis after.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Roastback Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member