Viewpoint Media Player

[mee]

PestPatrol flags some files in the C:\Program Files\Viewpoint\Viewpoint Media Player folder and several associated registry entries on my PC as the Viewpoint Toolbar spyware. However, neither AdAware nor Spybot SD scans report any problem. Doing a Google Search on Viewpoint Media Player results in many sites that say Viewpoint Media Player is indeed spyware. It comes bundled with Adobe Atmosphere, which is apparently how it ended up on my machine. No Viewpoint products appear in my control panel's Add/Remove Programs list but the Adobe Atmosphere player is on the list of programs that can be uninstalled.

Should I try and remove Viewpoint or leave well enough alone? If I do attempt a removal, should I first uninstall the Adobe Atmosphere player and then use PestPatrol to cleanup anything left behind?

[Besttechie]

Hi and Welcome,

Please check the following path, and tell me if it exsists.

C:\Program Files\Viewpoint\Viewpoint Media Player <-- does that file and folder exsist?

If it does not exsist it is just a PestPatrol False-Positive. Which is very common with PestPatrol. I recommend that you uninstall PestPatrol, because of it's know false-positives.

If it does then post back letting me know and we will go from there.

B

[mee]

Yes C:\Program Files\Viewpoint\Viewpoint Media Player does exist on my computer.

[Dragon]

Hi Besttechie asked me to take over as he has to go for the day,

Please do this.

Download 'Hijack This!'. http://www.merijn.org/tiles/hijackthis.zip

Unzip to a convenient permanent folder, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

to make a permanent folder:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "Hijack" . Now you have a C:\hijack\ folder

[mee]

I already had Hijack This on my PC. Here is the results of the scan I just did.

Logfile of HijackThis v1.99.0

Scan saved at 11:48:19 AM, on 1/9/2005

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\ESET\NOD32KRN.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\ESET\NOD32KUI.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: BHODemon 2.0.lnk.disabled

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/common/common/bin/cabsa.cab

O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab

O16 - DPF: {978C9E23-D4B0-11CE-BF2D-00AA003F40D0} (Microsoft Forms 2.0 Label) - http://activex.microsoft.com/activex/controls/mspert10.cab

O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/application...XClientUtil.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O20 - AppInit_DLLs: Disabled

[Dragon]

well your log is clean so what I would recommend doing it this:

Boot into safe mode, then remove this file

C:\Program Files\Viewpoint\Viewpoint Media Player

then reboot into normal mode that should take care of your problem, it sounds to me that if adaware and spybot aren't finding that as a problem then pestpatrol may have it flagged as a false positive.

[mee]

Thanks Efwis. I'll leave as is. No sense fixing something that isn't broken. Sorry that I posted my log in two places (also posted it over in Hijack This Logs forum) but wasn't sure where you wanted it. Also, sorry about getting your ID wrong. Thanks again.

[Dragon]

no problem, i fyou have any other problems we can help with please post a new question. I am locking this topic now as it seems to have been resolved, safe surfing and enjoy the site.

If you need this thread opened please pm a moderator or Admin with a link to this post in it, with the title of need re-opened.