Hi! Moron Needs Help

I think my computer is a mess of spyware, and have been following the instructions to get it fixed, however I've run into a couple of problems, no doubt due to my stupidity. Any help with the following would be swell....

1) Can't seem to get the Trend-Micro site to scan my PC because I'm not accepting a security certificate that isn't displaying.

2) I get the following error when trying to access the Symantec Securty Scan Thingy:

The page you requested is not accessible. This may be due to one of the following reasons:

* The address was typed incorrectly.
* You followed an outdated link.
* The page no longer exists.
* The page has been moved.

This appears on the Symantec Site and comes up after I request a Security Scan, any help would be appreciated, Thanks!

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Hi again & thanks for your reply. Okay, I did all the steps, except as I said earlier I have not been able to use the trend micro scan or the symantec security scan. Everything else has been done, I've also scanned with AVG and TrojanRemover. The only things found were by Adaware which were some ALTnet data miner thingys. In addition to a ton of popups, I also have a lop.com toolbar in IE which spybot doesnt seem to recognize as that scan came up clean. Any thoughts on what's next? Thanks again.

 

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Wow, thanks for the fast reply, anywho, here's the Hijack This log, I closed all applications but there's still some processes listed, let me know if I need to close those through task manager or anything. Thanks again.

 

Go ahead and do another scan with HijackThis and Check the Boxes for the following:

Again, make sure All Browser Windows are Closed when you Click FIX.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [Vc Manager Boob Multi] C:\Documents and Settings\All Users\Application Data\Error One Vc Manager\Web loud.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab



NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE this file if it should remain:

C:\Documents and Settings\All Users\Application Data\Error One Vc Manager\Web loud.exe



NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.


Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Then, reset your web settings.

To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.



Reboot to Normal Windows and Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

Good Luck!

 

Done and Done! New Hijack This Log should be attached, as for how my computer is running, this is the first time I've used Internet Explorer in foreverish, so you did something very RIGHT! No Lop.com thingy at the bottom and no extra toolbar thingy at the top so...so far so good. One thing I thought I'd mention is that the file you told me to delete was part of a folder for broderlund LCC which I have no idea what that might be, should I delete it too? Lemme know how my log looks to you, and thanks for the help!

 

Only one thing I see that should be fixed. Run HJT again have it fix this entry. Be sure all open browsers are closed before fixing anything with HJT!

After this is complete you should be clean! As far as that file, I would leave it alone because Im not sure of it.

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -


Are you still experiencing any problems?

 

Hey! I fixed the entry you suggested but won't bother attaching another log unless you think it's necessary. Just for kicks I went back to the trendmicro site and it actually gave me the security warning and i think it's going to let me do their virus scan now, dunno how you did that. Anywho, things seem to be running okay so far, and if that changes at least I know where to go. Thanks a bunch and tell 'em you should be promoted to admiral! Or whatever the right rank might be.

 

Good Job! Glad things are running better for you.

You should see Chaslang's article on How to Protect yourself from malware!