O.K. please help...

You were supposed to download the ZIP files and extract them at the beginning of step 4.

 

@Chas, found a dupe thread, merged but your post ended up out of context.


@Justshootme, as you mentioned that you had tried to follow the steps in the read me, you need to re-read and follwo them closely and attach the requested logs, your HJT that has been deleted was installed and run from a ZIP file and not renamed as specified to analyze.exe, these steps are designed to help you find all malware on your PC, do please follow the below,

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy - ONLY IF you were not able to run Windows Defender
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

HI Please keep all your posts in this one thread as if the information is posted in separate threads then they will get lost or deleted as duplicates.


You will need to run Hijackthis again as you have not re-named it to analyze.exe ( C:\Program Files\HJT\analyse.exe\HijackThis.exe ) but renamed the folder it goes in, instead. reason for re-naming the .exe file is that namy new malwares are not picked up if the .exe is not re-named, they have become wise to Hijackthis.

Then once run Hijackthis as analyze.exe please attach a new log in this thread only.

 

Re: Ready, are you?

You also hvae not followed the directions for using GetRunKey and ShowNew. YOU MUST EXTRACT ALL files from the zip file into a folder and you must exit your WinZIP (or whatever program you use to extract them) and then you must locate the GetRunKey.bat and ShowNew.bat files using Windows Explorer and double click on them to run them. This is explained in the download page for each program. We only need the runkeys.txt and newfiles.txt log. We do not need or want the other intermediate temporary files that are created.


Also you never told us what you malware problems are?

 

That's because you do not have an about:blank hijack problem so there was nothing for that procedure to fix.

You don't have malware problems! I would suspect that you biggest problem is what McAfee is doing to your PC. Just look below in the quote box. This is all the stuff showing in your HJT log that only pertains to McAfee:

McAfee is bringing your PC to a crawl is my bet!

And while I don't have much experience with the following, I would be they are not help either. These are items shown in your uninstall programs list that I can see in your log from ShowNew.

Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar MSN Extension (Windows Live Toolbar)
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Hotfix [See Q828026 for more information]

 

NOTE: READ THE WHOLE BELOW MESSAGE BEFORE DOING ANYTHING.

Did you uninstall McAfee already? If not, are you going to? Make sure you get an antivirus and a firewall installed immediately. See the ones in this link: How to Protect yourself from malware!

In fact you should download the new antivirus and new firewall programs before uninstalling McAfee. Then disconnect your cable to the internet and uninstall ALL of McAfee's software. Make sure it is all gone by peaking at a new HJT log afterwards. Once it is all removed, install the new antivirus and firewall. Then you can reconnect to the internet.

Windows Live Messenger can be uninstalled via Add/Remove programs just like most programs should be uninstalled including Google Toolbar.

After you uninstall all this stuff attach new logs from GetRunKey and HijackThis.

 

And did you notice a significant increase in performance?

All three of those are false postives! bdcore.dll and libfn.dll are part of Bitdefender Online scan. And pskavs.dll is part of PandaActive scan (I even mentioned this one in the READ & RUN ME).

And no I would not use the stuff from your ISP. It will more than like be a combination of software from multiple vendors or it will be another huge security suite resource hog log McAfee.

You can use HJT to fix the below left over that McAfee did not remove when you uninstalled it:
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

You can also fix the below if desired. They are not malware but are not needed and removing them will also increase PC performance:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

As I said from the before, you had no malware!

 

If it was bad, I would have had you fix it. It is a Windows system file. You can read about it here: http://www.liutilities.com/products/wintaskspro/processlibrary/ctfmon/

None of your logs showed any evidence of those kind of lines. And while the above ctfmon.exe sort of matches that description, it is not an unknown process.

Why are these in quarantine? Who deleted them? They are required system files.

I don't really find popup blockers to be necessary but FireFox has one builtin the you will find useful. Everything you need for protection is covered in the How to protect link I gave you in a previous message.

Thanks!