Hijack and pandaactive log

Welcome to Majorgeeks!

You seem to have skipped step 3 of the READ & RUN ME. You have 3 antivirus applications installed. AVG, Avast, and McAfee. I know you mentioned you cannot uninstall McAfee but that still leaves two others. Uninstall either AVG or Avast.

Then try using the below and let me know if it uninstalls McAfee:

Your Uninstaller! 2006

 

Just deleting files rather than uninstalling is the wrong approach and will definitely make it impossible for the program to be uninstalled via Add/Remove programs. The correct method to remove programs from a PC is to uninstall them not delete them.

Where does AVG stand right now? Is you PC still in the state where you have just re-installed AVG?

Do you have administrator priviledges on the account you are logged into?

Let's get an installed programs list from HijackThis!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

The below two items should have been uninstalled in step 0 of the READ ME.

MyWay Search Assistant
Viewpoint Media Player

Can you uninstall them via Add/Remove Programs.

What are the below for? Is it for a network interface card?
mCore
MCU
mDrWiFi
mHlpDell
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSSO
mToolkit
mWlsSafe
mXML
mZConfig


The below are old versions. You need to install version 5.0 update 6 and then uninstall both of these old versions:
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03


After doing the above attach a new HJT log and we will look into manual cleanup!

 

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to AVG7 Alert Manager Server (if that is not found, look for the short name: aswUpdSv)... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Now repeat the above stop and disable for the following services:
AVG7 Update Service
AVG E-mail Scanner
McAfee WSC Integration
McAfee.com McShield
McAfee Task Scheduler
McAfee SecurityCenter Update Manager
McAfee Personal Firewall Service
McAfee SpamKiller Server

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

Avg7Alrt

Now repeat the Delete NT Service steps for:
Avg7UpdSvc
AVGEMS
McDetect.exe
McShield
McTskshd.exe
mcupdmgr.exe
MpfService
MskService

If you receive any error messages just ignore them and continue.

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\program files\Grisoft <-- the whole folder
c:\program files\mcafee.com <-- the whole folder

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Which DLLs? Give their complete name and paths. Did you try deleting them in after a reboot and also do all deletions in safe mode?

Explain exactly what happens when you try to install it.

 

Are you trying to install ZoneAlarmFree?

Right click on the items that are on your Desktop and then select Delete. Does that work?

 

Make sure you have viewing of hidden files enabled and look for the below file and if found delete it.

c:\windows\system32\vsconfig.xml

If you find the file and delete then retry the ZoneAlarm install but you should download ZoneAlarmFree from our link: ZoneAlarmFree

Did you try deleting them in safe mode? Do the below:

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u avgse.dll
then click OK. If a dialog box confirming this action appears, click OK.

Repeat the above for the below two files:
mcvsshl.dll
shlres.dll

Tell me if you receive any error messages. Try delete the folders now.

 

Okay you made this a little more difficult by moving the folders to your Desktop, so I need you to provide me the current full path to each file in the folders on your Desktop.

For example assuming you moved the whole mcafee.com folder to your Desktop, it may look like the below:

C:\Documents and Settings\username\Desktop\mcafee.com\mcvsshl.dll
C:\Documents and Settings\username\Desktop\mcafee.com\shlres.dll

where username is the user account name you are using.

And the other file maybe:

C:\Documents and Settings\username\Desktop\Grisoft\avgse.dll

 

What changed that now made it possible to delete them? What did you do that we had not already done?

 

Why were you running Your Uninstaller now! And what exactly did you tell it to uninstall? It does not sound like you just selected Picture It. And if you wanted to uninstall it, you should just use Add/Remove programs anyway.

 

I'm not sure if you will be able to recover from this so easily. You are now outside the realm of what we try to work on in the Malware Forum. I will try to get you pointed in the right direction but for continued support in trying to resolve this, you may need to work in the Software Forum.

I think you have to do a repair install of Windows but you will need a boot Windows XP SP2 CD to do that. Do you have one? What came with your PC? Was it a full CD or just a system recovery CD? If only a system recovery CD, that will put your PC back into the state it was when you received it. Thus removing all changes you have done to it since that point in time.

You may want to look into taking your harddisk out of this PC and putting it into another PC as a slave drive. Then backup any important files that you may need. You should do this before trying to do a repair of Windows. If you do not know how to do a repair see the below links:

See links like below if you don't know how to do this:

http://www.windowsnetworking.com/j_helmig/wxprcons.htm

http://www.michaelstevenstech.com/XPrepairinstall.htm

http://helpdesk.its.uiowa.edu/window...airinstall.htm