sUBs

Before fixing anything, Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of filepaths into the Suspicious File Packer window:

C:\WINDOWS\system32\clbcatfx.dll

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.



------------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\rcltlagr.dll (file missing)
O2 - BHO: (no name) - {2E8F755F-9695-4A78-90D7-42673A40072F} - C:\WINDOWS\system32\clbcatfx.dll
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\system32\mpegcore.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {FDAF7AD6-0B2C-4D08-9724-D3B7B0D34AE9} - C:\WINDOWS\system32\jtciwqjo.dll (file missing)
O23 - Service: A3filt - - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


---------------


Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:

• Viewpoint

Please note any other programs that you dont recognize in that list in your next response


------------------



Open notepad and copy/paste the text in the quotebox below into it:

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run. It shall produce a log to be posted in the next reply


------------------


Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


REBOOT YOUR MACHINE AFTER THIS


---------------


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools → Folder Options → View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

• C:\WINDOWS\system32\clbcatfx.dll
  C:\Program Files\Viewpoint\

------------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. We only require a report from it.
  It does not provide an option to clean/disinfect.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

__________________
اذا كان الجبل لن يأتي لمحمد ، ومحمد سيتوجه الى الجبل