Browser Enhancer attacked my pc; my media player is dead
Browser Enhancer appeared when I surfed a website. I immediately used antivir and detected some trojans. Afterwards, my windows media player didn't work. Instead, the Browser Enhancer pops out. My unit is winme and here is my HiJack This log:
Logfile of HijackThis v1.99.0
Scan saved at 11:48:39 AM, on 5/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\E_S4I3S2.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\V38SHELL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S4I3F2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S5I3B1.EXE
C:\WINDOWS\SYSTEM\E_S4I3K2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\SSC SERVICE UTILITY\SSC_SERV.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\SYSTEM\E_S4I3T1.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\SYSTEM\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [V38Shell] V38SHELL.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Serie (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C43 Serie (Copy 2)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\SYSTEM\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O7 "EPUSB1:" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus C41 Serie (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C41 Serie (Copy 2)" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus Photo R2 (Copy 2)] C:\WINDOWS\SYSTEM\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R2 (Copy 2)" /O7 "EPUSB2:" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\SYSTEM\E_S5I3B1.EXE /P26 "EPSON Stylus CX3500 Series" /O5 "LPT1:" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX5 (Copy 2)] C:\WINDOWS\SYSTEM\E_S4I3K2.EXE /P31 "EPSON Stylus Photo RX5 (Copy 2)" /O7 "EPUSB1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\SYSTEM\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O7 "EPUSB1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [EPSON Stylus CX3100] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O7 "EPUSB1:" /M "Stylus CX3100"
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O7 "EPUSB1:" /M "Stylus C82"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O7 "EPUSB1:" /M "Stylus C83"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SSC Service Utility] C:\PROGRAM FILES\SSC SERVICE UTILITY\SSC_SERV.EXE /s
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
I hope it's not too late. Thanks.
Logfile of HijackThis v1.99.0
Scan saved at 11:48:39 AM, on 5/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\E_S4I3S2.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\V38SHELL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S4I3F2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S5I3B1.EXE
C:\WINDOWS\SYSTEM\E_S4I3K2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\SSC SERVICE UTILITY\SSC_SERV.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\SYSTEM\E_S4I3T1.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\SYSTEM\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [V38Shell] V38SHELL.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Serie (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C43 Serie (Copy 2)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\SYSTEM\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O7 "EPUSB1:" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus C41 Serie (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C41 Serie (Copy 2)" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus Photo R2 (Copy 2)] C:\WINDOWS\SYSTEM\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R2 (Copy 2)" /O7 "EPUSB2:" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\SYSTEM\E_S5I3B1.EXE /P26 "EPSON Stylus CX3500 Series" /O5 "LPT1:" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX5 (Copy 2)] C:\WINDOWS\SYSTEM\E_S4I3K2.EXE /P31 "EPSON Stylus Photo RX5 (Copy 2)" /O7 "EPUSB1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\SYSTEM\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O7 "EPUSB1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [EPSON Stylus CX3100] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O7 "EPUSB1:" /M "Stylus CX3100"
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O7 "EPUSB1:" /M "Stylus C82"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O7 "EPUSB1:" /M "Stylus C83"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SSC Service Utility] C:\PROGRAM FILES\SSC SERVICE UTILITY\SSC_SERV.EXE /s
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\SYSTEM\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
I hope it's not too late. Thanks.
0