Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Hijack - "ero-advertising.com"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser Hijack - "ero-advertising.com"

Unread postby ndnomad » February 8th, 2009, 7:09 pm

StartupList report, 1/30/09, 5:43:37 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\CSERASER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EnsoniqMixer = starter.exe
avast! Web Scanner = C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv = C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

avast! = C:\Program Files\Alwil Software\Avast4\ashServ.exe
ioloDelayModule = C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC PROFESSIONAL 6\delay.exe

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 30/1/2009, 9:35:10)

[rename]
C:\WINDOWS\pagefile.csp=C:\WINDOWS\WIN386.SWP
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI
NUL=C:\WINDOWS\COOKIES\INDEX.DAT
NUL=C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT
NUL=C:\WINDOWS\TEMPOR~1\CONTENT.IE5

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat
if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\WINDOWS

--------------------------------------------------


Enumerating Browser Helper Objects:

SysShield IE Popup Blocker - C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\PKEXT.DLL - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 4,260 bytes
Report generated in 0.231 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
ndnomad
Active Member
 
Posts: 3
Joined: November 6th, 2008, 6:11 am
Advertisement
Register to Remove

Re: Browser Hijack - "ero-advertising.com"

Unread postby Dakeyras » February 9th, 2009, 7:01 am

Hi,

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

Guideline for posting your HijackThis log
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware