Project1 And Muon/zestyfind Pop-ups.

  • This topic is locked
4 replies to this topic

#1 siii


  • Members
  • 2 posts
  • Local time:12:50 PM

Posted 17 June 2006 - 03:17 AM

hey there just joined this forum cos i need help fixing my comp which i think is quite plagued with some unwelcomed visitors. been having these pop-up/under things from muon and zesty-find and all sorts of funny windows stalling and slowing my comp for ages. after googling the problem, i realized that loadsa people been having the same problem. i downloaded hijackthis and here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:13:26 PM, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-au3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sysbin] C:\WINDOWS\msagent\chars\sysbin.exe
O4 - HKLM\..\Run: [*sysbin] C:\WINDOWS\msagent\chars\sysbin.exe
O4 - HKLM\..\Run: [*vbps] C:\WINDOWS\inf\vbps.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [*expsvr] C:\WINDOWS\Help\expsvr.exe
O4 - HKLM\..\Run: [*playdrv] C:\WINDOWS\Help\playdrv.exe
O4 - HKLM\..\Run: [*aclog] C:\WINDOWS\Cursors\aclog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rnmr3E0NR] C:\WINDOWS\ewjycfn.exe
O4 - HKLM\..\Run: [Epwdj] C:\Program Files\Fnqykav\Rojvx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\sa\saap.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [defender] C:\\defender26.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [mmdrv] "C:\WINDOWS\system32\mmdrv.exe"
O4 - HKCU\..\Run: [comrepl] "C:\WINDOWS\system32\comrepl.exe"
O4 - HKCU\..\Run: [ovui2] "C:\WINDOWS\system32\ovui2.exe"
O4 - HKCU\..\Run: [isrdbg32] "C:\WINDOWS\system32\isrdbg32.exe"
O4 - HKCU\..\Run: [hticons] "C:\WINDOWS\system32\hticons.exe"
O4 - HKCU\..\Run: [finfcopy] "C:\WINDOWS\system32\finfcopy.exe"
O4 - HKCU\..\Run: [bootvid] "C:\WINDOWS\system32\bootvid.exe"
O4 - HKCU\..\Run: [polstore] "C:\WINDOWS\system32\polstore.exe"
O4 - HKCU\..\Run: [dsound3d] "C:\WINDOWS\system32\dsound3d.exe"
O4 - HKCU\..\Run: [usbmon] "C:\WINDOWS\system32\usbmon.exe"
O4 - HKCU\..\Run: [samsrv] "C:\WINDOWS\system32\samsrv.exe"
O4 - HKCU\..\Run: [kbdlt1] "C:\WINDOWS\system32\kbdlt1.exe"
O4 - HKCU\..\Run: [kbdur] "C:\WINDOWS\system32\kbdur.exe"
O4 - HKCU\..\Run: [ntprint] "C:\WINDOWS\system32\ntprint.exe"
O4 - HKCU\..\Run: [termmgr] "C:\WINDOWS\system32\termmgr.exe"
O4 - HKCU\..\Run: [netplwiz] "C:\WINDOWS\system32\netplwiz.exe"
O4 - HKCU\..\Run: [test] C:\WINDOWS\system32\test.exe
O4 - HKCU\..\Run: [vwmanager] C:\WINDOWS\system32\vwmanager.exe
O4 - HKCU\..\Run: [test2] C:\WINDOWS\system32\test2.exe
O4 - HKCU\..\Run: [msieftp] C:\WINDOWS\system32\msieftp.exe
O4 - HKCU\..\Run: [wtsapi32] C:\WINDOWS\system32\wtsapi32.exe
O4 - HKCU\..\Run: [rtutils] C:\WINDOWS\system32\rtutils.exe
O4 - HKCU\..\Run: [in10b6] C:\WINDOWS\system32\in10b6.exe
O4 - HKCU\..\Run: [npptools] C:\WINDOWS\system32\npptools.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\system32\SKS~1\spool32.exe" -vt yazr
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: Blog this! (life) - http://www.blogger.com/contextScripts/blog...?blogID=3473222
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c5.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://sixteenroses.multiply.com/photos/uploader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....bio5_3_12_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\q2rq0c95ef.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

what do i do from here? please help (: thanks !



#2 Rawe


  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:50 AM

Posted 17 June 2006 - 10:40 AM

Welcome aboard.. :thumbsup:

Wow you're having a REALLY infected PC there. :flowers:

This will take some time to get it cleaned up, so please be patient and stick to it 'till I say you're clean.


1. Through Control Panel -> Add/Remove programs and uninstall these entries (if any of them are present):


If there are no OIN entries in your Add/Remove programs, please download and run this uninstaller:



2. Then please reboot and delete these folders if found:

C:\Program Files\PurityScan
C:\Program Files\WebHancer

Empty recycle bin.


3. Download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 siii

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:50 PM

Posted 20 June 2006 - 12:15 PM

hey hahaha thanks for the quick reply. i've got eyy some good news and some bad news
hahaha before i actually attempted the steps as given i scanned my comp w ad-aware as advised by the forum i.e.

Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on Perform Full System Scan. Uncheck Search for negligible risk entries and click on Next. Eliminate all that Ad-aware finds. A more thorough tutorial on using Ad-aware can be found here:
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
- Download Ad-Aware SE
Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.

anyways yeah that's what i did and after one fateful restart nothing came up on the screen save the wallpaper i.e. my desktop icons n taskbar poof-ed and disappeared. hurr.

hahaha that's the bad news. the good news is i lugged it to the technician's where my baby's currently being doctored now and you've one less infected pc at hand. ayy.

thanks for the help anyway (:

#4 Rawe


  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:50 AM

Posted 20 June 2006 - 12:24 PM

Alright.. So this issue is not an issue anymore and I can go ahead and close the thread? :thumbsup:
Hi there, stranger!

#5 Rawe


  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:50 AM

Posted 27 June 2006 - 02:28 AM

Topic closed.
Hi there, stranger!
