Help for me too please.

You are not reading and following the instructions BJ is giving to you. You must not run HijackThis.exe directly from the ZIP file. Here is what your log shows:

C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\Rar$EX00.269\HijackThis.exe

This means you are using WinRAR to run hijackthis.exe directly from inside the ZIP file. You MUST extract the hijackthis.exe file from the ZIP file. Use the Extract option of WinRAR. You must also etract it to the proper folder as instructed. DO NOT EXTRACT it to any Desktop location, Temp folder, or and subfolder of Documents and Settings.

WinRar does ask you where you want to Extract to
You just have to navigate to the folder where you want to extract it to. This means you need already have the C:\Program Files\HJT folder created. Step 7 of the READ ME explains how to do this.

 

Now you got it! Just another note: It is best to not have browsers running when using HijackThis. You had 4 opened:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

If you do not shut them down, it causes two issues:

1. We cannot tell if you are running them or malware is doing it. Many forms of malware do open hidden iexplore.exe processes and we need to know that.
2. More importantly, many fixes will NOT work, if browsers are opened while trying to make the fixes.

Also note that you skipped step 3 or the READ & RUN ME. You have both AVG7 and McAfee installed. You must uninstall one of these now. Then attach a new log so we can be sure it uninstalled properly.

BJ should be back soon to continue working with you.

 

Okay but attach the new HJT log for BJ to verify. McAfee and Symantec have habits of not uninstalling properly. Make sure you have no browsers opened this time too.

 

As I suspected, all of the McAfee items are still there. Are you sure All of it has been uninstall via Add/Remove programs.

Manual removal may have to be used.

 

BJ will not be around for awhile. I'll try to pickup where he left off.

I assume what you are trying to do is get rid of all the McAfee stuff so that is what I will start with.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to McAfee WSC Integration (if that is not found, look for the short name: NetDDEsrv)... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Now repeat the above steps to stop and disable for the following services:
McAfee Task Scheduler ( or if not found, look for the short name: McTskshd.exe)
McAfee SecurityCenter Update Manager (or if not found, look for the short name: mcupdmgr.exe )

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

McAfee WSC Integration

If that does not work, use the short name: McDetect.exe

Now repeat the Delete NT Service steps for:
McTskshd.exe
mcupdmgr.exe

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Now continue with the below as a double check to make sure all of the McAfee items are removed.

Make sure viewing of hidden files is enabled (per the tutorial).
Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
c:\program files\mcafee.com

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

No! It is not a vacation! Just a bunch of personal issues!

But that is what we expected. The HJT log was a double check as I stated.

Everything looks good now. Are you having any other malware problems?