[Fixed] Hijackthis! Logs - svchost.exe using over 200,000k...... posted in the Security & Safety forums; done and done...

#8 | drdroopy (Tech Member) | 09-12-2009

done and done
Attached Files
File Type: rar OTL logs.rar (34.7 KB, 1 views)

#9 | Crush (Tech Support Team) | 09-12-2009

Drdroopy,

First, I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.
====================================

Next, please visit VirusTotal
  • Click the Browse.. button
  • Navigate to the file C:\Users\Droopy\Documents\aionmemo_7ba38510.dat
  • Click the Open button
  • Click the Send button
  • Do the same for C:\Windows\iun6002.exe
  • Copy and paste the URL's results into a new reply in this thread please.
If VirusTotal is busy please use Jotti
============================

Finally, follow that up with this:

Go HERE to run Panda ActiveScan 2.0
  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply
__________________
Crush aka Chris
I am in fact, quite cool. My graphing calculator confirms this

#10 | drdroopy (Tech Member) | 09-13-2009

Removed Viewpoint; attached are the logs from VirusTotal and ActiveScan. Both found viruses. How would I go about removing them, as I would have to pay for ActiveScan to remove the objects?
Attached Files
File Type: txt Virustotal.txt (328 Bytes, 1 views)
File Type: txt ActiveScan.txt (8.0 KB, 2 views)

#11 | Crush (Tech Support Team) | 09-13-2009

drdroopy,

Did you upload C:\Windows\iun6002.exe for review?

In addition to the above please upload the following to VirusTotal

C:\Program Files (x86)\Internet Download Manager\Keygen.exe

C:\Program Files (x86)\Rushmore Casino\lbyinst.exe

C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll

We'll add whatever comes up as infected from the above to these:

D:\Docs and files\setup-ziggytv.exe
D:\Docs and files\Demon tools\Daemon Tools Pro 4.30.0303 Advanced-DARK0D3R\DTP4300303PRO\DTP4300303PRO.rar

to be removed after the results come back in

#12 | drdroopy (Tech Member) | 09-13-2009

Attached are the results for the 4 files.
Attached Files
File Type: rar virustotal logs.rar (9.5 KB, 1 views)

#13 | Crush (Tech Support Team) | 09-13-2009

Download OTM by Old Timer and save it to your Desktop.

Double-click OTM.exe to run it.
  • Paste the following code under the area. Do not include the word Code.
Code:
:Files
C:\Program Files (x86)\Internet Download Manager\Keygen.exe 
D:\Docs and files\setup-ziggytv.exe
D:\Docs and files\Demon tools\Daemon Tools Pro 4.30.0303 Advanced-DARK0D3R\DTP4300303PRO\DTP4300303PRO.rar
C:\Windows\iun6002.exe
C:\Program Files (x86)\Rushmore Casino\lbyinst.exe 
C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll

:Commands
[Purity]
[emptytemp]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#14 | drdroopy (Tech Member) | 09-13-2009

All processes killed
========== FILES ==========
C:\Program Files (x86)\Internet Download Manager\Keygen.exe moved successfully.
D:\Docs and files\setup-ziggytv.exe moved successfully.
D:\Docs and files\Demon tools\Daemon Tools Pro 4.30.0303 Advanced-DARK0D3R\DTP4300303PRO\DTP4300303PRO.rar moved successfully.
C:\Windows\iun6002.exe moved successfully.
C:\Program Files (x86)\Rushmore Casino\lbyinst.exe moved successfully.
LoadLibrary failed for C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll
C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll NOT unregistered.
C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Droopy
File delete failed. C:\Users\Droopy\AppData\Local\Temp\e5c3298869cfb46ef18c1137e42f8613PSK_PLUGINS_0 scheduled to be deleted on reboot.
File delete failed. C:\Users\Droopy\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
->Temp folder emptied: -2020466022 bytes
File delete failed. C:\Users\Droopy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 60529785 bytes
->Java cache emptied: 49699178 bytes
->FireFox cache emptied: 86960441 bytes
->Google Chrome cache emptied: 153934512 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 132091 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP folder deleted successfully.
%systemroot% .tmp files removed: 512000 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 12110806 bytes
RecycleBin emptied: 665942 bytes

Total Files Cleaned = -1579.21 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09122009_224846

Files moved on Reboot...
C:\Users\Droopy\AppData\Local\Temp\e5c3298869cfb46ef18c1137e42f8613PSK_PLUGINS_0 moved successfully.
C:\Users\Droopy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
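
A check a helper could run over an OTM results log like the one posted above, as an added example that is not part of the thread or of OTM itself: it confirms that every path from the :Files list has a "moved successfully" line, lists deletions deferred to reboot, and flags negative size figures, which cannot be real. The log excerpt is taken from the post with one "moved" line left out on purpose so the check has something to report; the function names are illustrative.

```python
import re

# Excerpt of the OTM results log from this thread (wrapped paths rejoined).
SAMPLE_LOG = r"""
C:\Program Files (x86)\Internet Download Manager\Keygen.exe moved successfully.
C:\Windows\iun6002.exe moved successfully.
LoadLibrary failed for C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll
C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll NOT unregistered.
C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll moved successfully.
File delete failed. C:\Users\Droopy\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
->Temp folder emptied: -2020466022 bytes
->Java cache emptied: 49699178 bytes
Total Files Cleaned = -1579.21 mb
"""

# Paths from the :Files section; the last one's "moved" line is omitted above on purpose.
REQUESTED = [
    r"C:\Program Files (x86)\Internet Download Manager\Keygen.exe",
    r"C:\Windows\iun6002.exe",
    r"C:\Program Files (x86)\TESTOUT\cmi\resourcereports.dll",
    r"D:\Docs and files\setup-ziggytv.exe",
]

MOVED = re.compile(r"^(.+?) moved successfully\.$")
DEFERRED = re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")
WARN = re.compile(r"^(LoadLibrary failed for .+|.+ NOT unregistered\.)$")
SIZE = re.compile(r"(?:emptied:|Cleaned =) (-?[\d.]+) (?:bytes|mb)")

def parse_otm_log(text):
    """Sort OTM result lines into moved, deferred, warning and bogus-size buckets."""
    out = {"moved": set(), "deferred": [], "warnings": [], "bad_sizes": []}
    for line in map(str.strip, text.splitlines()):
        if m := MOVED.match(line):
            out["moved"].add(m.group(1).lower())   # Windows paths: case-insensitive
        elif m := DEFERRED.match(line):
            out["deferred"].append(m.group(1))
        elif WARN.match(line):
            out["warnings"].append(line)
        elif (m := SIZE.search(line)) and float(m.group(1)) < 0:
            out["bad_sizes"].append(line)          # a negative size cannot be real
    return out

def unconfirmed(requested, parsed):
    """Requested paths with no matching 'moved successfully' line."""
    return [p for p in requested if p.lower() not in parsed["moved"]]

if __name__ == "__main__":
    report = parse_otm_log(SAMPLE_LOG)
    print(unconfirmed(REQUESTED, report), report, sep="\n")
```

Files listed as deferred should be re-checked after the reboot, and a log with negative totals should not be used to judge how much was actually cleaned.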
