Can't get rid of malware after following READ/RUN instructions. Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by CTHusky, Jun 1, 2006.

  1. CTHusky

    CTHusky Private E-2

    Hello,

    No matter what I have done, I have not been able to remove malware, trojans, etc. Originally E2Give and Qoologic were in there as well as others. I may have cleaned some, but trojans continue to infect the computer on start-up. I don't know if it is significant, but IE would not shut down when rebooting between safe mode and normal. It says explorer.exe, not responding, etc...

    I have an Intel Pentium 4a 2800 MHz on a Dell Desktop 4600i. Operating system is XP, 512 MB memory, 80 GB disk drive. I have AntiVir as an anti-virus program. I have followed the READ AND RUN ME 1st directions to the letter, including running all recommended downloading tools in safe mode (CC, Adaware, Spybot) with the exception of Windows Defender/Malicious Software Removal Tool, which would not run. In their place, I used CounterSpy. I also ran Bit Defender and Panda Scan. Their logs are attached along with the HijackThis scan.

    I am truly at the end of my rope and have spent countless hours to this point. Please help. Thanks
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please run CounterSpy again and this time let it fix what it found. You told it to Ignore the malware last time. Then attach the new log.

    Also you did not attach your Panda ActiveScan log. Please attach it.

    You were supposed to uninstall Viewpoint Manager in step 0. Please uninstall it now!

    Also uninstall Mercora

    You said you did not run Windows Defender but I do see it installed. Try running it in normal boot mode. Let me know if it runs that way.

    Is the below a paid version or a free trial version?
    C:\Program Files\CA\eTrust Internet Security Suite


    Now let's fix some of your problems!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [BSz] C:\documents and settings\lou\local settings\temp\BSz.exe
    O4 - HKLM\..\Run: [vH] C:\windows\temp\vH.exe
    O4 - HKLM\..\Run: [jnNZM] C:\documents and settings\lou\local settings\temp\jnNZM.exe
    O4 - HKLM\..\Run: [dDpyKDP] C:\documents and settings\lou\local settings\temp\dDpyKDP.exe
    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvtr.exe
    O15 - Trusted Zone: *.mmohsix.com

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\documents and settings\lou\local settings\temp\BSz.exe <--- delete all files and subfolders in this Temp folder. Windows will block deleting one or two of them.
    C:\windows\temp <--- delete all files and subfolders in this Temp folder.
    C:\WINDOWS\System32\wcpsvtr.exe

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Jun 2, 2006
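As an added illustration (not code from this thread or from HijackThis), a small Python triage that applies the reasoning behind the fix list above to HijackThis-style log lines: autoruns launched from a Temp folder, orphaned toolbar CLSIDs and Trusted Zone additions are flagged, and the Temp-folder executables are listed for deletion in safe mode. The sample lines are constructed from this thread; the ExampleAV entry is an assumed benign autorun showing what is not flagged.

```python
import re
from typing import List, Tuple

# Constructed sample modelled on the HijackThis lines in this thread, plus one
# assumed benign autorun (ExampleAV) to show what the rules leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BSz] C:\documents and settings\lou\local settings\temp\BSz.exe
O4 - HKLM\..\Run: [vH] C:\windows\temp\vH.exe
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvtr.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\guard.exe /min
O15 - Trusted Zone: *.mmohsix.com
"""

# "O4 - HKLM\..\Run: [name] command" -> hive, value name, command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # any ...\temp\... path component
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?', re.IGNORECASE)  # path up to first .exe

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries worth reviewing.
    Heuristics are this example's own: legitimate software does not autorun
    from a Temp folder; a toolbar with "(no file)" is an orphaned CLSID; a
    Trusted Zone site runs with relaxed IE security and needs a reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m and TEMP_RE.search(m.group("cmd")):
            findings.append(("autorun from Temp folder", line))
        elif line.startswith("O3 - ") and line.endswith("(no file)"):
            findings.append(("orphaned toolbar CLSID", line))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(("site added to IE Trusted Zone", line))
    return findings

def files_to_remove(findings: List[Tuple[str, str]]) -> List[str]:
    """Executables behind the Temp-folder autoruns, to delete in safe mode."""
    paths = []
    for reason, line in findings:
        if reason != "autorun from Temp folder":
            continue
        m = EXE_RE.match(O4_RE.match(line).group("cmd"))
        if m:
            paths.append(m.group("path"))
    return paths

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
    print("delete in safe mode:", files_to_remove(triage(SAMPLE_LOG)))
```

Note that the System32 entry (wcpsvtr.exe) is not caught by these path rules; a random-looking name under System32 still needs the file itself checked, which is why the expert asks for a fresh log after each round.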
  3. CTHusky

    CTHusky Private E-2

    Hello and thanks for the quick response!

    To respond to your last post:
    1) I have attached Counterspy log and Active Scan log;
    2) Viewpoint Mgr uninstalled;
    3) I ran Windows defender in normal mode but it said that there was no unwanted software found;
    4) I completed the recommended fixes and completed another HJT log, which is also attached;
    5) Web settings have been reset, Temp folders emptied as suggested
    6) an additional Ewido scan was run in safe mode before your recommendations were implemented, which will be attached to the next post for your reference
    7) The only thing that I did not do was uninstall Mercora and would only ask if this is an absolute necessity if only because there is a huge library of music that is contained therein. Any suggestions would be appreciated.

    I still have malware on the system so I will await your next recommendations.
     

    Attached Files:

  4. CTHusky

    CTHusky Private E-2

    Here is the Ewido scan, pre-last fix, and done in safe mode. Thanks
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are confident that it does not contain any bundled malware, then keep it. It's up to you in the end. But couldn't you just save the music files elsewhere?


    What malware are you referring to? Your log shows no malware, just a bunch of things that may or may not be necessary, but that does not make them malware.

    You did not answer my question:
    Also is it still really installed or is that just a left over?

    Uninstall the Ewido free trial that you just installed. It is going to eat up system resources and could conflict with CounterSpy, Windows Defender and eTrust that you already have installed.

    In fact if CounterSpy is the free trial version, uninstall it too.
     
    Last edited: Jun 3, 2006
  6. CTHusky

    CTHusky Private E-2

    1) What malware are you referring to?
    I ran one last scan with Ewido before uninstalling and have attached the log hereto (ran it in normal mode). It refers to E2Give and an infection in the Restore/Volume area? (see log). I have tried to follow the sticky instructions, but I had trouble at the step where fixE2G.reg was created. My Notepad does not work so I had trouble creating a log. Is there an alternative way to get rid of the E2Give?


    2) Is the below a paid version or a free trial version? C:\Program Files\CA\eTrust Internet Security Suite. Also is it still really installed or is that just a left over?


    Answer: Free Trial and yes, it is leftover

    3) Mercora - as far as I have been able to see, the origin of the trouble has never been in the Mercora files. I am not sure if the Mercora files can be backed up, but I will see.


    Any further suggestions would be appreciated. I will uninstall as suggested.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the attached fixE2G.zip file and extract the fixE2G.reg file from it. Then start the procedure over again and when you get to the step about the fixE2G.reg patch, just double click on the file you just extracted.

    Then have HijackThis fix that line and delete the C:\Program Files\CA folder if it exists.

    Just ignore Mercora for now!


    Let me know if you are still having malware problems.
     
  8. CTHusky

    CTHusky Private E-2

    Let me apologize for my ignorance up front, as I just can't seem to get this step to work in the E2Give removal:

    Download the attached fixE2G.zip file and extract the fixE2G.reg file from it. Then start the procedure over again and when you get to the step about the fixE2G.reg patch, just double click on the file you just extracted.

    I don't know where to find the fixE2G.zip file.

    When I try to create it by copying the suggested script in the sticky instructions, I do not have the option to save as "all files".

    To move the process along, I have attached my last avenger.txt log and hijack this log. Your help is appreciated.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's wherever you decided to download it to. You have to keep track of where you download the file to so you can locate it and extract the .reg file. This is no different than what had to be done with HijackThis. You need to be able to do this yourself. Either download it to some folder where you can locate it, or download it to your Desktop. Then extract the file from the ZIP. Without running this registry patch, you are not going to fix the problems, so there is no sense repeating the procedure until you get the registry patch file ready for use. The Avenger log even shows you that. See the "Could not open script file!" error.


    You also did not fix the below line as I stated in my last message:
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
     
  10. CTHusky

    CTHusky Private E-2

    I have not downloaded any fixE2G.zip file. Is there a place where I can find that file so I can download it?


    When I followed the instructions in the sticky about the creation of the fixE2G.reg file, I could not do it. My Notepad does not work and when I tried WordPad, the "save all" option does not come up.

    I am sure that this is beyond easy, but I am clearly missing something here. Again, thanks for your patience.

    If there is some other way to do this, let me know.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about that! That was my fault in message # 7! I forgot to attach the file. I'll attach it to this message.

    Are you able to copy and paste the text into Avenger as requested, or are you having a problem with that too? If so, I may have to put that into a file for you to load into Avenger.
     

    Attached Files:

  12. CTHusky

    CTHusky Private E-2

    I completed the fix for E2Give along with the fix2G regfile and have attached the avenger.txt file and the latest Hijack This log for your reference. No more popups. How do the logs look?


    Any other suggestions?
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
