Help - daughter clicked "beach pictures"

Discussion in 'Malware Help (A Specialist Will Reply)' started by mdindestin, Feb 22, 2005.

  1. mdindestin

    mdindestin Private E-2

    I've always kept Windows Updates, AdAware, and Spybot updated along with Norton Corporate but my daughter clicked on a file in AIM and my problems began.

    I did all the items on the sticky up to and including running hijack this. I also took another clean machine with the same XP home OS and duplicated the security settings and am able to get online but the computer is buggy.

    When I try to access certain sites, it tells me that I need to enable cookies. I have always had my cookie settings as I do now at "medium" with no issues.

    One clue is that I can't update CW Shredder. It says I have a variant of the Coolwebsearch Trojan (CWS.Smartsearch.2).

    I have the hijack log but am not well versed in it. Any help would be appreciated.

    Mark
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT


    We are very busy here at MajorGeeks.Com. PhilliePhan, Chaslang or myself will check back when time permits!
     
  3. mdindestin

    mdindestin Private E-2

    I've attached a copy of the file.

    Mark
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:

    You need to extract HijackThis from the ZIP file into the C:\Program Files folder. What you downloaded was HijackThis.zip. That's a compressed file containing hijackthis.exe.

    Create a new folder in C:\Program Files and name it HJT. Now extract the file you downloaded into the folder C:\Program Files\HJT

    This is VERY important you do this!

    After hijackthis.exe is extracted into C:\Program Files\HJT run it again and post the new log.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you have extracted Hijack This into C:\Program Files\HJT.

    Proceed to the next set of instructions!



    Please look in Add or Remove Programs for the following and Uninstall if found:


    Viewpoint




    Now scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab

    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323




    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.



    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Then, reset your web settings.

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.



    Reboot and Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!:)
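
The fix list in the post above can be read mechanically. The following is an added example, not part of the original thread or of HijackThis itself: it splits each quoted log line into its section code, CLSID and URL. The section descriptions and review notes are this example's own summaries, and the function names are hypothetical.

```python
import re

# Section codes that appear in this thread's fix list, with the area of the
# system each one reports on in a HijackThis log (summaries added here).
SECTIONS = {
    "R0": "Internet Explorer start/search page settings",
    "R1": "Internet Explorer start/search page settings",
    "O4": "program started automatically (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX object in Downloaded Program Files",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

# The six entries quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
"""

def parse_entry(line):
    """Split one log line into section code, CLSID, URL and review notes."""
    m = LINE_RE.match(line)
    if not m:
        return None  # blank line or not a HijackThis entry
    code, body = m.groups()
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    notes = []
    if "(no file)" in body:
        notes.append("target file missing")
    if "ProxyOverride" in body:
        notes.append("proxy bypass list set")
    if code == "O16" and url and url.group().startswith("http://"):
        notes.append("control downloaded over plain HTTP")
    return {"code": code, "area": SECTIONS.get(code, "unknown section"),
            "clsid": clsid.group() if clsid else None,
            "url": url.group() if url else None, "notes": notes}

def parse_log(text):
    """Parse every recognisable entry in a pasted log, skipping other lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e['code']:<4}{e['area']}", e["clsid"] or "", "; ".join(e["notes"]))
```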
     
  6. mdindestin

    mdindestin Private E-2

    I removed a small viewpoint file through Add/Remove programs. I fixed all the lines you mentioned except that 04 - HKLM\...... was no longer showing up on the scan.

    Everything else in the directions went smoothly and I've attached the log file I created immediately after rebooting.

    The computer is still showing a problem. For instance, when I went to "My E-bay" and hotmail, I received an error message stating there was a problem with my browser, it's rejecting cookies.

    Mark
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert


    Your log is clean!

    You probably need to reset your web settings.

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    Now, Go into the "Security Tab" and default all security settings.


    Last thing, Go into the "Privacy" tab and default that setting as well.


    Let me know if this fixes that problem!
     
  8. mdindestin

    mdindestin Private E-2

    I had already done the first part of the web settings as you previously instructed. I reset the other settings to the defaults. The Privacy tab did not have an actual default setting button but the slider was on medium which is where it had always been.

    I'm afraid there is something screwy going on here. I've noticed that whenever I send a file to my hotmail account, hotmail says it has a virus. One file came from my office computer and the IT guys assure me I do not have a virus on my work machine.

    Mark
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure your cookies are clean, Run CCleaner and see if that helps!

    NOTE: Only run the first 2 scans.
     
  10. mdindestin

    mdindestin Private E-2

    I feel like a total Melvin. I've only been running the first tab of the three tabs at the top of the application interface.

    Are you saying to only run the first two tabs (Windows and Applications) and not do the third "Issues" tab?

    I started running the third but cancelled. In the short time it ran, it found a host of issues to fix. I sure would like to fix them if you think it might do some good.

    Mark
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes! Only run Windows and Applications tabs. I wouldn't recommend running the third one because I have experienced problems with that.
     
  12. mdindestin

    mdindestin Private E-2

    I set Mozilla as my default browser and it runs very well now. When I use IE, I still get the cookie error, but the computer is acting much better.

    If I can't get IE working, I still consider this effort a success and appreciate your help.

    Mark
     
  13. Tonglebeak

    Tonglebeak Specialist

    I recommend switching to Mozilla Firefox and see if you still have the problems (you shouldn't be using Internet Explorer anyways as it's well known for security problems). Ever since I started using Firefox, I wouldn't touch IE with a 500-ft pole unless I had to do a Windows update.
     
  14. mdindestin

    mdindestin Private E-2

    IE seems to be a major target nowadays and I have switched over.

    thanks,

    Mark
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  16. mdindestin

    mdindestin Private E-2

    I have a lot of reading to do to understand what happened. From looking at the hijack log, did Viewpoint cause most of my problems?

    There is still something wrong however, because even with Mozilla, it's not 100% back to normal. Hotmail returned a weirdly formatted page today.

    Mark
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I wouldn't say Viewpoint had anything to do with it. As far as your browser problem, this would be best answered in the software forum.
     
