[Viewpoint Media Player]

Thanks Efwis. I'll leave as is. No sense fixing something that isn't broken. Sorry that I posted my log in two places (also posted it over in Hijack This Logs forum) but wasn't sure where you wanted it. Also, sorry about getting your ID wrong. Thanks again.

[Viewpoint Media Player]

I already had Hijack This on my PC. Here is the results of the scan I just did.

Logfile of HijackThis v1.99.0

Scan saved at 11:48:19 AM, on 1/9/2005

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\ESET\NOD32KRN.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\ESET\NOD32KUI.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: BHODemon 2.0.lnk.disabled

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/common/common/bin/cabsa.cab

O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab

O16 - DPF: {978C9E23-D4B0-11CE-BF2D-00AA003F40D0} (Microsoft Forms 2.0 Label) - http://activex.microsoft.com/activex/controls/mspert10.cab

O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/application...XClientUtil.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O20 - AppInit_DLLs: Disabled

[Viewpoint Media Player]

Yes C:\Program Files\Viewpoint\Viewpoint Media Player does exist on my computer.

[Viewpoint Media Player]

PestPatrol flags some files in the C:\Program Files\Viewpoint\Viewpoint Media Player folder and several associated registry entries on my PC as the Viewpoint Toolbar spyware. However, neither AdAware nor Spybot SD scans report any problem. Doing a Google Search on Viewpoint Media Player results in many sites that say Viewpoint Media Player is indeed spyware. It comes bundled with Adobe Atmosphere, which is apparently how it ended up on my machine. No Viewpoint products appear in my control panel's Add/Remove Programs list but the Adobe Atmosphere player is on the list of programs that can be uninstalled.

Should I try and remove Viewpoint or leave well enough alone? If I do attempt a removal, should I first uninstall the Adobe Atmosphere player and then use PestPatrol to cleanup anything left behind?