Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser redirect - ero-advertising.com - malware

Post by ndnomad » February 1st, 2009, 6:32 pm

StartupList report, 1/30/09, 5:43:37 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\CSERASER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EnsoniqMixer = starter.exe
avast! Web Scanner = C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv = C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

avast! = C:\Program Files\Alwil Software\Avast4\ashServ.exe
ioloDelayModule = C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC PROFESSIONAL 6\delay.exe

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 30/1/2009, 9:35:10)

[rename]
C:\WINDOWS\pagefile.csp=C:\WINDOWS\WIN386.SWP
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat
if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\WINDOWS

--------------------------------------------------


Enumerating Browser Helper Objects:

SysShield IE Popup Blocker - C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\PKEXT.DLL - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 4,260 bytes
Report generated in 0.231 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
ndnomad
Active Member
 
Posts: 3
Joined: November 6th, 2008, 6:11 am

Re: Browser redirect - ero-advertising.com - malware

Post by NonSuch » February 3rd, 2009, 12:18 am

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California

