Hi,
Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.
If you decide to remove it, please go to start > control panel > add/remove programs then uninstall viewpoint from there.
Delete this folder if you uninstalled viewpoint:
C:\Program Files\Viewpoint
________
Combofix Deletions
- Open notepad.
- Copy and paste the text inside the code box below to notepad
Code:
Killall::
File::
C:\WINDOWS\system32\yutdyrxy.ini
C:\WINDOWS\system32\bdcyahgw.ini
C:\WINDOWS\system32\wmlvgcrr.ini
C:\WINDOWS\system32\wksrjupn.ini
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
Folder::
C:\VundoFix Backups
RENV::
----a-w 253,952 2008-01-06 02:18:39 C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w 339,968 2008-01-06 02:18:36 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 49,152 2008-01-06 02:18:35 C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
----a-w 233,534 2008-01-06 02:18:39 C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w 794,624 2008-01-06 02:18:38 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
----a-w 290,816 2008-01-06 02:18:37 C:\Program Files\HPQ\Quick Launch Buttons\EabServr .exe
----a-w 278,528 2008-01-06 02:18:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 36,975 2008-01-06 02:18:34 C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w 282,624 2008-01-06 02:02:40 C:\Program Files\QuickTime\qttask .exe
----a-w 69,632 2008-01-06 02:18:44 C:\Program Files\Softwin\BitDefender10\bdagent .exe
----a-w 290,816 2008-01-06 02:18:42 C:\Program Files\Softwin\BitDefender10\BDMCON~1 .EXE
----a-w 692,316 2008-01-06 02:18:38 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 102,492 2008-01-06 02:18:35 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 311,296 2008-01-06 02:18:40 C:\WINDOWS\system32\hphmon03 .exe
----a-w 196,608 2008-01-06 02:18:40 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04 .exe
Registry::
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mfhvgowg.exe"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4541DD8B-5D11-478E-B443-DA833D5A8698}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73538613-EF18-4628-8EB6-BD2F5F870216}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2d766bc-0543-49d6-a71b-26cace7e452b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tbsa"=-
"Puin"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"75a17511"=-
- Save and Name it as "CFScript"
- Drag and drop CFScript.txt to your copy of combofix.
- You can take a look at the image below if you're unsure on how to do it.

- Combofix will restart your machine then it will produce a log afterwards.
- Please post the contents of that log along with a fresh HijackThis log.
______
Please do an online scan with Kaspersky WebScanner
Warning: If you had Kaspersky online scanner installed before 10-5-2007, please uninstall it as Kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Archives
  - Scan Mail Bases
- Click OK
- Now under select a target to scan:
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
__________
Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
- Click Start > Control Panel
- Click Add/Remove Programs
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u4, and install it to your computer.
On your next reply, please include a
- Fresh HijackThis log (not main.txt)
- kaspersky scan log
- combofix log
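Added example, not part of the original post and not ComboFix's own code: a small Python reviewer for a CFScript like the one in the post above, which groups lines under their `Name::` directives, flags repeated entries, and separates registry key deletions from value deletions so the script can be checked before it is run. It assumes the Registry:: section follows .reg file syntax; the function names are hypothetical and the sample is an excerpt of the posted script.

```python
import re
from collections import Counter
# Excerpt of the CFScript from the post above, shortened for this example.
SAMPLE = r'''Killall::
File::
C:\WINDOWS\system32\yutdyrxy.ini
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"75a17511"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4541DD8B-5D11-478E-B443-DA833D5A8698}]
'''
DIRECTIVE = re.compile(r'^(\w+)::$')
KEY = re.compile(r'^\[(-?)(.+)\]$')
VALUE_DELETE = re.compile(r'^"(.+)"=-$')

def parse_cfscript(text):
    """Group non-empty lines under the 'Name::' directive that precedes them."""
    sections, bucket = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = DIRECTIVE.match(line)
        if m:
            bucket = sections.setdefault(m.group(1), [])
        elif bucket is None:
            raise ValueError(f"line before any directive: {line!r}")
        else:
            bucket.append(line)
    return sections

def registry_actions(lines):
    """Per .reg syntax: [-KEY] removes a key; "name"=- removes a value under [KEY]."""
    actions, key = [], None
    for line in lines:
        k, v = KEY.match(line), VALUE_DELETE.match(line)
        if k and k.group(1):
            key = None  # a deleted key cannot carry value lines
            actions.append(("delete_key", k.group(2), None))
        elif k:
            key = k.group(2)
        elif v and key:
            actions.append(("delete_value", key, v.group(1)))
        else:
            raise ValueError(f"unrecognised registry line: {line!r}")
    return actions

def duplicates(lines):
    """Entries listed more than once in one section."""
    return [item for item, n in Counter(lines).items() if n > 1]
```

Run `parse_cfscript` on the saved CFScript.txt contents and pass its `Registry` list to `registry_actions` to see each deletion spelled out.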