Malware Speedbit Video Accelerator

Post by bernibabe » October 19th, 2010, 7:21 pm

Windows XP sp3.
Installed this program on advice of popular PC newsletter.
Unchecked install toolbar, but program installed it anyway.
Then attempted to uninstall the program with Revo uninstaller, which removed the toolbar only. The main program is still in existence, path as follows: C:\Documents and Settings\user(my name)\Local Settings\Temp\GLB64.TMP. Program starts if activated and is downloading tracking cookies etc. Have not attempted to delete this file at this time.

Revo uninstaller is now showing on desktop search as corrupted. An uninstall/reinstall will no doubt be immediately corrupted again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:31 AM, on 20/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe
C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\DCMessages.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DocCreatorClient] "C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe"
O4 - HKLM\..\Run: [SSClearCloudTrayApp] C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BigBetPoker.com - {1ca24684-a693-418e-a430-79d070271843} - C:\Documents and Settings\Bernie\Start Menu\Programs\BigBetPoker.com\BigBetPoker.com.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4470039312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D539699-A868-4923-8CC0-B75D1921A00A}: NameServer = 74.118.212.1,74.118.212.2,74.118.212.1,74.118.212.2,
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files\BootRacer\BootRacerServ.exe
O23 - Service: DCMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\DCMessages.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 10764 bytes

Uninstall List
3DMark03 3.6.0
7-Zip 4.65 Igor Pavlov 4.65.00.0
ABBYY FineReader 6.0 Sprint Plus ABBYY Software House 6.00.1236.4166
AC3Filter (remove only)
Acrobat.com Adobe Systems Incorporated 1.1.377
AdblockIE af0.net 1.2
Adobe AIR Adobe Systems Inc. 1.0.4990
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.42.34
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.0.42.34
Adobe Reader 9.3 Adobe Systems Incorporated 9.3.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 11.5.1.601
Advanced SystemCare 3 IObit 3.7.0
AMD Processor Driver AMD 1.3.2.0053
AnalogX CookieWall
ASUS Smart Doctor ASUSTek COMPUTER INC. 5.25
AVG 2011 AVG Technologies 10.0.1136
BigBetPoker.com 4.7
BitMeter
Bodog Poker Bodog Poker
BootRacer Greatis Software, LLC 2.2.0
Bullzip PDF Printer 6.0.0.741 Bullzip
Card Player Poker Power Play Development
CCleaner Piriform 2.30
CDBurnerXP Pro 3 Free Software 3.0.113
ClearCloudUtility GFI Software 1.0.18
D-Link RangeBooster N 650 DWA-547 D-Link 1.10b11
e-tax 2010 DWS 1.0.682
Easy Read Iconico 1.5
ERUNT 1.1j Lars Hederer
Foxit Reader
FreeFixer Kephyr 0.58
Full Tilt Poker 4.22.20.WIN.FullTilt.COM
Game Booster IObit 1.4.0.88
gDoc Global Graphics 2.1.0
HijackThis 2.0.2 TrendMicro 2.0.2
Internet Explorer (Enable DEP)
Java(TM) 6 Update 17 Sun Microsystems, Inc. 6.0.170
Lexmark 6200 Series
Lexmark Fax Solutions Lexmark 1.10
Lightscreen
Macrium Reflect - Free Edition Macrium 4.2.2082
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
Microsoft Fix it Center Microsoft Corporation 1.0.0080
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 12.0.4518.1014
Microsoft Office Home and Student 2007 Microsoft Corporation 12.0.6425.1000
Microsoft Office Live Add-in 1.4 Microsoft Corporation 2.0.3008.0
Microsoft Silverlight Microsoft Corporation 4.0.50917.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 1.0.1215.0
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Mozilla Firefox (3.5.11) Mozilla 3.5.11 (en-GB)
MSN
Nitro PDF Reader Nitro PDF Software 1.1.1.13
NVIDIA Drivers NVIDIA Corporation 1.10.59.37
NVIDIA PhysX NVIDIA Corporation 9.09.0428
PecanPoker Your Company 1.0.6.0
Photo! Editor 1.1
PokerStars PokerStars
QuickTime Alternative 3.0.0 3.0.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5755
Revo Uninstaller 1.90 VS Revo Group 1.90
Security Update for Windows Search 4 - KB963093 Microsoft Corporation
SpadeClub Poker SpadeClub 3.0.3460.0
SpywareBlaster 4.4 Javacool Software LLC 4.4.0
SUPERAntiSpyware SUPERAntiSpyware.com 4.44.1000
Supersonic Download Accelerator
Surf Canyon Search Engine Assistant Surf Canyon 3.0.5
ThreatFire PC Tools
UltimateBet
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation
VLC media player 1.0.0 VideoLAN Team 1.0.0
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows Live Essentials Microsoft Corporation 14.0.8089.0726
Windows Live ID Sign-in Assistant Microsoft Corporation 6.500.3146.0
Windows Live Sync Microsoft Corporation 14.0.8089.726
Windows Live Upload Tool Microsoft Corporation 14.0.8014.1029
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 Microsoft Corporation 04.00.6001.503
WinPcap 4.1.1 CACE Technologies 4.1.0.1753
XP Codec Pack
Yrefresher 1.00 Yoconsoft

Any solutions?
Regards, bernibabe
bernibabe
Active Member
 
Posts: 11
Joined: October 19th, 2010, 2:34 am

Re: Malware Speedbit Video Accelerator

Post by MWR 3 day Mod » October 24th, 2010, 4:17 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 25th, 2010, 4:32 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Security check log
  • MBAM log
  • RSIT logs (info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 26th, 2010, 12:07 am

Hi Fellow Aussie,
Unfortunately some housecleaning was done before I read your reply. Since no other logs are supposed to be posted, I will submit a new uninstall log if requested, but just the ones asked for in your reply for now.

I hope the four files that you asked for are here; if not, please ask me to post them again. I am unsure what I have uploaded, as I have not used this forum to post prior to this incident.
bernibabe
Active Member
 
Posts: 11
Joined: October 19th, 2010, 2:34 am

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 26th, 2010, 4:27 am

Hi Bernibabe,

Please repost your logs using the copy & paste function rather than attach. As this forum is specifically designed as a teaching forum, it makes it easier on all who need to access your logs.

Thank you
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 26th, 2010, 5:19 am

Logs reposted as requested; will include new uninstall list. Apologies for the trouble.

3DMark03 3.6.0
7-Zip 4.65 Igor Pavlov 4.65.00.0
ABBYY FineReader 6.0 Sprint Plus ABBYY Software House 6.00.1236.4166
AC3Filter (remove only)
Acrobat.com Adobe Systems Incorporated 1.1.377
AdblockIE af0.net 1.2
Adobe AIR Adobe Systems Inc. 1.0.4990
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.42.34
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.0.42.34
Adobe Reader 9.3 Adobe Systems Incorporated 9.3.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 11.5.1.601
Advanced SystemCare 3 IObit 3.7.0
AMD Processor Driver AMD 1.3.2.0053
AnalogX CookieWall
AVG 2011 AVG Technologies 10.0.1152
BigBetPoker.com 4.7
BitMeter
Bodog Poker Bodog Poker
Bullzip PDF Printer 6.0.0.741 Bullzip
CCleaner Piriform 2.30
CDBurnerXP Pro 3 Free Software 3.0.113
ClearCloudUtility GFI Software 1.0.18
D-Link RangeBooster N 650 DWA-547 D-Link 1.10b11
e-tax 2010 DWS 1.0.682
Easy Read Iconico 1.5
ERUNT 1.1j Lars Hederer
Foxit Reader
FreeFixer Kephyr 0.58
Full Tilt Poker 4.22.20.WIN.FullTilt.COM
Game Booster IObit 1.4.0.88
gDoc Global Graphics 2.1.0
HijackThis 2.0.2 TrendMicro 2.0.2
Internet Explorer (Enable DEP)
Java(TM) 6 Update 17 Sun Microsystems, Inc. 6.0.170
Lexmark 6200 Series
Lexmark Fax Solutions Lexmark 1.10
Lightscreen
Macrium Reflect - Free Edition Macrium 4.2.2082
Malwarebytes' Anti-Malware Malwarebytes Corporation
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
Microsoft Fix it Center Microsoft Corporation 1.0.0080
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 12.0.4518.1014
Microsoft Office Home and Student 2007 Microsoft Corporation 12.0.6425.1000
Microsoft Office Live Add-in 1.4 Microsoft Corporation 2.0.3008.0
Microsoft Silverlight Microsoft Corporation 4.0.50917.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 1.0.1215.0
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
Mozilla Firefox (3.5.13) Mozilla 3.5.13 (en-GB)
MSN
Nitro PDF Reader Nitro PDF Software 1.1.1.13
NVIDIA Drivers NVIDIA Corporation 1.10.59.37
NVIDIA PhysX NVIDIA Corporation 9.09.0428
PecanPoker Your Company 1.0.6.0
Photo! Editor 1.1
PokerStars PokerStars
QuickTime Alternative 3.0.0 3.0.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5755
Revo Uninstaller 1.90 VS Revo Group 1.90
Security Update for Windows Search 4 - KB963093 Microsoft Corporation
SpywareBlaster 4.4 Javacool Software LLC 4.4.0
SUPERAntiSpyware SUPERAntiSpyware.com 4.44.1000
Supersonic Download Accelerator
ThreatFire PC Tools
UltimateBet
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation
VLC media player 1.0.0 VideoLAN Team 1.0.0
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows Live Essentials Microsoft Corporation 14.0.8089.0726
Windows Live ID Sign-in Assistant Microsoft Corporation 6.500.3146.0
Windows Live Sync Microsoft Corporation 14.0.8089.726
Windows Live Upload Tool Microsoft Corporation 14.0.8014.1029
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 Microsoft Corporation 04.00.6001.503
WinPcap 4.1.1 CACE Technologies 4.1.0.1753
XP Codec Pack
Yrefresher 1.00 Yoconsoft

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
SUPERAntiSpyware
ThreatFire
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.3
Mozilla Firefox (3.5.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

FreeFixer v0.58 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2010-10-26 10:19


BootExecute (1 whitelisted)
C:\WINDOWS\system32\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (file is missing)
C:\WINDOWS\system32\C:\PROGRA~1\AVG\AVG10\avgrsx.exe (file is missing)

Winlogon Notify (10 whitelisted)
!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

TCP/IP settings
HKLM\..\Interfaces\{7D539699-A868-4923-8CC0-B75D1921A00A}, NameServer = 74.118.212.1,74.118.212.2,74.118.212.1,74.118.212.2,

Browser Helper Objects (6 whitelisted)
{90EFF544-3981-4d46-85C9-C0361D0931D6}, af0.Adblock.BHO, mscoree.dll (file is missing)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}, JQSIEStartDetectorImpl Class, C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Internet Explorer toolbars (3 whitelisted)
HKLM\..\Toolbar\Locked - - (no file specified)
HKLM\..\Toolbar\{B24BA06E-FB7B-4757-95C2-DC01125F750E} - RefresherBand Class - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
HKCU\..\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} - - (no file specified)
HKCU\..\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - (no file specified)

Basic Internet Explorer settings
HKCU\..\Main, Search Page =
HKLM\..\Search, SearchAssistant =
HKCU\..\Desktop\General, Wallpaper = C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

Registry Startups (7 whitelisted)
HKLM\..\Run, CookieWall = C:\Program Files\AnalogX\CookieWall\cookie.exe
HKLM\..\Run, EzPrint = "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
HKLM\..\Run, lxbumon.exe = "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
HKLM\..\Run, nwiz = nwiz.exe /install
HKLM\..\Run, DocCreatorClient = "C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe"
HKLM\..\Run, SSClearCloudTrayApp = C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe

Autostart shortcuts
Bitmeter2.lnk, , C:\Program Files\Codebox\BitMeter\BitMeter2.exe
Wireless Connection Manager.lnk, , C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

Processes (36 whitelisted)
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe
C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
C:\WINDOWS\system32\DCMessages.exe
C:\Program Files\FreeFixer\freefixer.exe

Application modules (74 whitelisted)
C:\WINDOWS\system32\nview.dll

Services (38 whitelisted)
ACS, Atheros Configuration Service, c:\program files\d-link\d-link rangebooster n 650 dwa-547\acs.exe
ReflectService, Macrium Reflect Image Mounting Service, c:\program files\macrium\reflect\reflectservice.exe

Explorer.exe Modules (128 whitelisted)
C:\WINDOWS\system32\nview.dll
c:\Program Files\7-Zip\7-zip.dll

Rundll Modules (39 whitelisted)
C:\WINDOWS\system32\nview.dll
C:\WINDOWS\system32\nvshell.dll

Winlogon.exe Modules (81 whitelisted)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

IExplorer.exe Modules (121 whitelisted)
C:\WINDOWS\system32\nview.dll
C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
C:\Program Files\af0.net\AdblockIE\Adblock.dll
C:\Program Files\af0.net\AdblockIE\Interop.SHDocVw.dll
C:\Program Files\af0.net\AdblockIE\Interop.MSHTML.dll
C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

Drivers (34 whitelisted)
EIO_XP, EIO_XP, c:\windows\system32\drivers\eio_xp.sys
NPF, NetGroup Packet Filter Driver, C:\WINDOWS\system32\drivers\npf.sys
pssnap, Paramount Software Snapshot Filter, C:\WINDOWS\system32\drivers\pssnap.sys
SASDIFSV, SASDIFSV, c:\program files\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, c:\program files\superantispyware\saskutil.sys

Firefox Extensions
Ghostery, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\firefox@ghostery.com\install.rdf
DownloadStudio Integration, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486}\install.rdf
PriceTrace Toolbar, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{72938f90-8d8a-11de-8a39-0800200c9a66}\install.rdf
Book Burro, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d}\install.rdf
Adblock Plus, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\install.rdf
FoxClocks, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}\install.rdf
BetterPrivacy, C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\rjuvzi9t.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}\install.rdf
Java Console, C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf

Recently created/modified files (21 whitelisted)
12 minutes, c:\Documents and Settings\Bernie\Local Settings\temp\cabex.dll
12 minutes, c:\Documents and Settings\Bernie\Local Settings\temp\GLB23.tmp
15 minutes, c:\Documents and Settings\Bernie\Local Settings\temp\nsm21.tmp\UAC.dll
15 minutes, c:\Documents and Settings\Bernie\Local Settings\temp\~nsu.tmp\Au_.exe
42 minutes, c:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
42 minutes, c:\Documents and Settings\Bernie\Local Settings\temp\VSUSetup.exe
22 hours, c:\Program Files\Mozilla Firefox\softokn3.dll
22 hours, c:\Program Files\Mozilla Firefox\nssdbm3.dll
22 hours, c:\Program Files\Mozilla Firefox\freebl3.dll

End of FreeFixer log

info.txt logfile of random's system information tool 1.08 2010-10-26 11:34:02

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
7-Zip 4.65-->MsiExec.exe /I{23170F69-40C1-2701-0465-000001000000}
ABBYY FineReader 6.0 Sprint Plus-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
AdblockIE-->MsiExec.exe /I{5508128A-2C7B-46B5-81F9-58E8E8115F0B}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AnalogX CookieWall-->C:\Program Files\AnalogX\CookieWall\cookieu.exe
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{1A258E63-8DF5-4ADB-9832-38A0121D65EB}
AVG 2011-->MsiExec.exe /I{4EB34322-B940-46EB-810E-68E71A819269}
BitMeter-->"C:\Program Files\Codebox\BitMeter\uninstall.exe"
Bodog Poker-->"C:\Program Files\Bodog Poker\unins000.exe"
Bullzip PDF Printer 6.0.0.741-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{12F14497-A7B7-4571-AAAC-154DBC93EAB0}
ClearCloudUtility-->MsiExec.exe /X{C6BF0389-FABA-4193-872C-87C3800DF673}
D-Link RangeBooster N 650 DWA-547-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x9 -removeonly
Easy Read-->C:\WINDOWS\Easy Read Uninstaller.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
e-tax 2010-->MsiExec.exe /X{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeFixer-->"C:\Program Files\FreeFixer\uninstall.exe"
Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
gDoc-->"C:\Program Files\InstallShield Installation Information\{EABCE84D-314C-4D47-8B8D-2743B45A4686}\setup.exe" -runfromtemp -l0x0009 -uninstall -removeonly
gDocExcel2007AddIn-->MsiExec.exe /I{3D9E5B51-ED02-4F31-98B7-F99BABE958D0}
gDocPowerPoint2007AddIn-->MsiExec.exe /I{F5E3017E-47B0-43E9-A13D-8BCA3EC84EEA}
gDocWord2007AddIn-->MsiExec.exe /I{C0E05CBA-6900-4103-B396-2A6500E67A54}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Internet Explorer (Enable DEP)-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lexmark 6200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbuUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U
Lightscreen-->"C:\Program Files\Lightscreen\uninstall.exe"
Macrium Reflect - Free Edition-->MsiExec.exe /I{986389BF-2AE7-4C4D-B284-519BA869EDD1}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Automated Troubleshooting Services Shim-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Fix it Center-->MsiExec.exe /X{B7588D45-AFDC-4C93-9E2E-A100F3554B64}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Mozilla Firefox (3.5.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nitro PDF Reader-->MsiExec.exe /X{37566D8F-0EA4-46EF-8858-973FF21853B6}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PecanPoker-->"C:\WINDOWS\unins000.exe"
PecanPoker-->MsiExec.exe /I{31A4E3FE-1DAD-4779-A721-8CED7C19410A}
PecanPoker-->msiexec.exe /x {31A4E3FE-1DAD-4779-A721-8CED7C19410A}
Photo! Editor 1.1-->"C:\Program Files\Photo!\Photo! Editor\unins000.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime Alternative 3.0.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Revo Uninstaller 1.90-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Supersonic Download Accelerator-->C:\Program Files\Supersonic Download Accelerator\uninstall.exe
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0 MUI pack-->"C:\WINDOWS\$NtUninstallKB926141$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
WinPcap 4.1.1-->C:\Program Files\WinPcap\uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Yrefresher 1.00-->"C:\Program Files\YRefresher\unins000.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free Edition 2011

======System event log======

Computer Name: OWNER-B3AAE1A9F
Event Code: 7001
Message: The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 22653
Source Name: Service Control Manager
Time Written: 20101005101552.000000+600
Event Type: error
User:

Computer Name: OWNER-B3AAE1A9F
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 22652
Source Name: DCOM
Time Written: 20101005101451.000000+600
Event Type: error
User: OWNER-B3AAE1A9F\Bernie

Computer Name: OWNER-B3AAE1A9F
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Record Number: 22651
Source Name: DCOM
Time Written: 20101005101447.000000+600
Event Type: error
User: OWNER-B3AAE1A9F\Bernie

Computer Name: OWNER-B3AAE1A9F
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 22650
Source Name: DCOM
Time Written: 20101005101430.000000+600
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-B3AAE1A9F
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Record Number: 22649
Source Name: DCOM
Time Written: 20101005101427.000000+600
Event Type: error
User: OWNER-B3AAE1A9F\Bernie

=====Application event log=====

Computer Name: OWNER-B3AAE1A9F
Event Code: 1
Message:
Record Number: 35514
Source Name: nview_info
Time Written: 20101020082420.000000+600
Event Type: error
User:

Computer Name: OWNER-B3AAE1A9F
Event Code: 1
Message:
Record Number: 35513
Source Name: nview_info
Time Written: 20101020082415.000000+600
Event Type: error
User:

Computer Name: OWNER-B3AAE1A9F
Event Code: 1
Message:
Record Number: 35512
Source Name: nview_info
Time Written: 20101020082415.000000+600
Event Type: error
User:

Computer Name: OWNER-B3AAE1A9F
Event Code: 1
Message:
Record Number: 35511
Source Name: nview_info
Time Written: 20101020082415.000000+600
Event Type: error
User:

Computer Name: OWNER-B3AAE1A9F
Event Code: 1
Message:
Record Number: 35510
Source Name: nview_info
Time Written: 20101020082415.000000+600
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\QuickTime Alternative\QTSystem;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 5 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0502
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bernie at 2010-10-26 11:32:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 454 GB (95%) free of 477 GB
Total RAM: 3583 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:59 AM, on 26/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe
C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\DCMessages.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Bernie\Local Settings\Temporary Internet Files\Content.IE5\SJOBNITT\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Bernie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BigBetPoker.com - {1ca24684-a693-418e-a430-79d070271843} - C:\Documents and Settings\Bernie\Start Menu\Programs\BigBetPoker.com\BigBetPoker.com.lnk (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D539699-A868-4923-8CC0-B75D1921A00A}: NameServer = 74.118.212.1,74.118.212.2,74.118.212.1,74.118.212.2,
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DCMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\DCMessages.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{12B33138-E22F-4378-A84B-C4F30D68D647}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90EFF544-3981-4d46-85C9-C0361D0931D6}]
af0.Adblock.BHO - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{B24BA06E-FB7B-4757-95C2-DC01125F750E} - RefresherBand Class - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL [2001-08-03 45056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CookieWall"=C:\Program Files\AnalogX\CookieWall\cookie.exe [2009-09-28 151040]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2010-01-14 378128]
"EzPrint"=C:\Program Files\Lexmark 6200 Series\ezprint.exe [2004-09-17 61440]
"LXBUCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 []
"lxbumon.exe"=C:\Program Files\Lexmark 6200 Series\lxbumon.exe [2004-09-22 188416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"DocCreatorClient"=C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe [2009-11-24 292248]
"SSClearCloudTrayApp"=C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe [2010-08-18 537936]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-09-29 2424560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-14 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lxbucoms.exe"="C:\WINDOWS\system32\lxbucoms.exe:*:Disabled:6200 Series Server"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-10-26 11:32:18 ----D---- C:\rsit
2010-10-26 10:38:26 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-26 10:38:22 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-26 10:38:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-19 11:01:38 ----D---- C:\Program Files\PecanPoker
2010-10-18 19:36:59 ----RA---- C:\WINDOWS\system32\drivers\EIO_XP.sys
2010-10-17 09:39:29 ----D---- C:\Documents and Settings\Bernie\Application Data\AVG10
2010-10-17 09:38:41 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2010-10-17 09:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-10-17 09:35:00 ----D---- C:\WINDOWS\system32\drivers\AVG
2010-10-17 09:35:00 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2010-10-17 09:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2010-10-17 06:28:29 ----D---- C:\Documents and Settings\Bernie\Application Data\Bitmeter2
2010-10-17 06:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Bitmeter2
2010-10-16 17:05:23 ----D---- C:\Program Files\BigBetPoker.com
2010-10-15 02:51:26 ----D---- C:\Program Files\SpeedBit Video Accelerator
2010-10-15 02:51:08 ----D---- C:\Documents and Settings\Bernie\Application Data\Toolbar4
2010-10-15 02:51:04 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2010-10-14 08:10:33 ----D---- C:\Documents and Settings\Bernie\Application Data\FreeFixer
2010-10-14 08:10:11 ----D---- C:\Program Files\FreeFixer
2010-10-13 05:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-13 05:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-13 05:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-13 05:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-13 05:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-13 05:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-13 05:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-13 05:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 05:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-12 05:21:54 ----A---- C:\WINDOWS\MyProgram.exe
2010-10-12 05:21:51 ----A---- C:\WINDOWS\unins000.exe
2010-10-08 06:17:37 ----D---- C:\Documents and Settings\Bernie\Application Data\ClearCloud
2010-10-08 06:17:37 ----D---- C:\Documents and Settings\All Users\Application Data\ClearCloud
2010-10-08 06:17:25 ----D---- C:\Program Files\ClearCloud
2010-10-05 10:14:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-05 10:11:24 ----ASH---- C:\pagefile.sys
2010-09-30 06:51:59 ----D---- C:\Program Files\YRefresher
2010-09-29 06:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$

======List of files/folders modified in the last 1 months======

2010-10-26 11:33:59 ----D---- C:\Program Files\Trend Micro
2010-10-26 11:29:54 ----D---- C:\WINDOWS
2010-10-26 10:39:48 ----D---- C:\WINDOWS\Temp
2010-10-26 10:38:31 ----D---- C:\WINDOWS\system32\drivers
2010-10-26 10:38:29 ----RD---- C:\Program Files
2010-10-26 10:20:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-26 09:57:20 ----SHD---- C:\WINDOWS\Installer
2010-10-26 09:51:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-26 09:48:27 ----D---- C:\WINDOWS\system32
2010-10-26 09:46:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-26 09:37:25 ----D---- C:\WINDOWS\Prefetch
2010-10-26 06:13:27 ----D---- C:\Program Files\PokerStars
2010-10-25 15:19:22 ----D---- C:\Program Files\Mozilla Firefox
2010-10-24 08:31:39 ----D---- C:\Program Files\Full Tilt Poker
2010-10-20 13:29:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-10-20 13:29:42 ----D---- C:\Program Files\SpywareBlaster
2010-10-20 11:49:02 ----HD---- C:\WINDOWS\inf
2010-10-20 02:43:18 ----SHD---- C:\System Volume Information
2010-10-20 02:01:08 ----D---- C:\WINDOWS\Help
2010-10-20 01:55:09 ----SHD---- C:\WINDOWS\CSC
2010-10-18 19:45:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-18 19:44:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-18 19:43:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-17 09:29:16 ----SD---- C:\Documents and Settings\Bernie\Application Data\Microsoft
2010-10-17 09:29:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-10-17 09:28:51 ----D---- C:\Program Files\AVG
2010-10-17 09:28:44 ----D---- C:\WINDOWS\WinSxS
2010-10-17 06:28:14 ----D---- C:\Program Files\Codebox
2010-10-15 20:02:33 ----RASH---- C:\boot.ini
2010-10-15 20:02:33 ----A---- C:\WINDOWS\win.ini
2010-10-15 20:02:33 ----A---- C:\WINDOWS\system.ini
2010-10-14 04:51:21 ----D---- C:\temp
2010-10-14 04:49:56 ----D---- C:\Program Files\Bodog Poker
2010-10-13 07:26:30 ----D---- C:\Program Files\Internet Explorer
2010-10-13 05:45:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-13 05:45:10 ----A---- C:\WINDOWS\imsins.BAK
2010-10-13 05:39:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-10-13 05:31:25 ----D---- C:\WINDOWS\ie8updates
2010-10-13 05:28:10 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-11 08:50:16 ----D---- C:\Program Files\UltimateBet
2010-10-08 10:29:11 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 10:28:46 ----RSD---- C:\WINDOWS\assembly
2010-10-05 11:51:25 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-05 11:41:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-05 10:15:56 ----D---- C:\Documents and Settings\Bernie\Application Data\SUPERAntiSpyware.com
2010-10-05 10:15:07 ----D---- C:\Documents and Settings\Bernie\Application Data\U3
2010-09-29 14:36:12 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 pssnap;Paramount Software Snapshot Filter; C:\WINDOWS\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
R0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys [2010-01-14 51984]
R0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys [2010-01-14 59664]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-21 50704]
R3 AR5416;D-Link DWA-547 RangeBooster N650 Desktop Adapte Service; C:\WINDOWS\system32\DRIVERS\ar5416.sys [2007-01-31 1050784]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Bernie\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe [2006-08-25 360532]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-05-25 196912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2009-08-25 220128]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2010-01-14 70928]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 DCMessages;DCMessages; C:\WINDOWS\system32\DCMessages.exe [2009-11-24 99720]
R3 lxbu_device;lxbu_device; C:\WINDOWS\system32\lxbucoms.exe [2004-09-24 450560]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MatSvc;Microsoft Automated Troubleshooting Service; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-21 117264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
bernibabe
Active Member
 
Posts: 11
Joined: October 19th, 2010, 2:34 am

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 26th, 2010, 6:32 am

Go to Start-Settings-Control Panel, click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    Advanced SystemCare 3 IObit 3.7.0
    Revo Uninstaller 1.90 VS Revo Group 1.90


Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
:Files
C:\Program Files\SpeedBit Video Accelerator
C:\Documents and Settings\Bernie\Application Data\Toolbar4
C:\Documents and Settings\All Users\Application Data\SpeedBit

:Commands

[EmptyTemp]
[Reboot]


  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

Please reply with:-
  • OTM log
  • New HJT log
  • Update on issues
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 26th, 2010, 4:05 pm

Removal of ACS3 Iobit 3.7.0 and Revo 1.90 completed.
May I ask the reason for these actions? Are they potentially dangerous? Or are they contributing to the issue with Speedbit Video Accelerator?

Clear Cloud is blocking the site for "OTM" as potentially harmful; I have submitted a request for redirection to them. I will update you as soon as possible on this new issue.

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 26th, 2010, 4:44 pm

Disabled "Clear Cloud" for this operation.
New logs and update as requested.
Speedbit Video Accelerator has now disappeared from my desktop, nor does it appear in "Recycle Bin"; presumably it no longer exists on my PC. Please advise further actions if required.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:04 AM, on 27/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe
C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DCMessages.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BigBetPoker.com - {1ca24684-a693-418e-a430-79d070271843} - C:\Documents and Settings\Bernie\Start Menu\Programs\BigBetPoker.com\BigBetPoker.com.lnk (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: DCMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\DCMessages.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5429 bytes

All processes killed
Error: Unable to interpret <C:\Program Files\SpeedBit Video Accelerator> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Bernie\Application Data\Toolbar4> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\SpeedBit> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bernie
->Temp folder emptied: 4358362 bytes
->Temporary Internet Files folder emptied: 13575155 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42625725 bytes
->Flash cache emptied: 434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 18582536 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1347639 bytes

Total Files Cleaned = 77.00 mb


OTM by OldTimer - Version 3.1.17.1 log created on 10272010_062348

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 26th, 2010, 4:51 pm

bernibabe wrote:
Removal of ACS3 Iobit 3.7.0 and Revo 1.90 completed.
May I ask the reason for these actions? Are they potentially dangerous? Or are they contributing to the issue with Speedbit Video Accelerator?

I suggested Revo be uninstalled as you said the program was sitting corrupted on your desktop.
Advanced SystemCare 3 IObit 3.7.0 is not the greatest but not a ‘bad’ program as such.

Overall, your problem does not appear, at this stage, to be malware related. Apart from not being able to uninstall Speedbit properly, are you having any other issues?

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 26th, 2010, 5:14 pm

At this stage, SpeedBit Video Accelerator has reappeared on my Desktop, after a reboot. So my previous statement was, apparently, somewhat premature.
At this time the only issue I am aware of is the inability to uninstall SBVA. The problems with this issue seem to fit with malware, but I am not technically savvy enough to make a certain call on this, as there may be happenings that I am not aware of on my PC. I am malware/virus paranoid.
Had contacted SBVA assistance and their reply follows below (no action taken as yet, because I do not know if it is safe to perform the recommended actions in their reply):

I'm very sorry you are experiencing these difficulties with our Video Accelerator product. SpeedBit Video Accelerator comes with an uninstall utility. While at this stage of the dialogue, we can't be certain what was the reason for the problem you have encountered, I suggest the following steps in the road for resolution:

1) Download SpeedBit Video Accelerator's latest setup file, available on http://www.videoaccelerator.com
2) Execute SpeedBit Video Accelerator's setup file
3) VERY IMPORTANT - REBOOT your PC after SpeedBit Video Accelerator's installation to make sure that all SpeedBit Video Accelerator components (including the uninstall utility) are fully installed.
4) Use SpeedBit Video Accelerator's uninstall utility to fully remove SpeedBit Video Accelerator - SpeedBit Video Accelerator's uninstall utility may be accessed either through:
   (a) the 'SpeedBit Video Accelerator' program folder under your Windows 'Start' -> 'Programs'; or
   (b) the 'Add/Remove Programs' or "Program and Features" option under the 'Control Panel' in your Windows 'Start' -> 'Settings'.

This should remove the entire client. If you continue running into any problems please send me the following information:

1. The antivirus software you are using
2. Your Operating System
3. What is your default browser

I am sorry you ran into these problems and hope we were able to solve them. If not, please send me an email back and we'll make sure we continue our efforts until all these issues are resolved.

Best,
Irina Grinv | Customer Care
SpeedBit.com

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 27th, 2010, 5:00 am

bernibabe wrote:
At this stage, SpeedBit Video Accelerator has reappeared on my Desktop, after a reboot. So my previous statement was apparently, somewhat premature.
At this time the only issue I am aware of, is the inability to uninstall SBVA. The problems with this issue seem to fit with malware, but I am not technically savvy enough to make a certain call on this, as there may be happenings that I am not aware of on my PC. I am malware/virus paranoid.
Had contacted SBVA assistance and their reply follows below ( no action taken as yet, because I do not know, if it safe to perform the recommended actions in their reply);


You do have a very ‘busy’ computer.

I would like you to disable ALL your security applications, then follow my previous instructions for running OTM.

Paste the log it produces on your next reply.

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • OTM log
  • Kaspersky log

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 27th, 2010, 10:07 am

Kaspersky report is clean, the report is blank.
OTM report and Blank Kaspersky report below.
SBVA is still present.

All processes killed
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\SpeedBit> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bernie
->Temp folder emptied: 1711336 bytes
->Temporary Internet Files folder emptied: 12417267 bytes
->Java cache emptied: 124278 bytes
->FireFox cache emptied: 22345826 bytes
->Flash cache emptied: 564 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 597 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb


OTM by OldTimer - Version 3.1.17.1 log created on 10272010_204520
C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator\VARes_1000004 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedBit folder moved successfully.

OTM by OldTimer - Version 3.1.17.1 log created on 10272010_204508

Files moved on Reboot...

Registry entries deleted on Reboot...

KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 27, 2010 07:04:05
Records in database: 4179228
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 90833
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:56:02

No threats found. Scanned area is clean.

Selected area has been scanned.

Re: Malware Speedbit Video Accelerator

Post by muppy03 » October 28th, 2010, 7:32 am

Hi, still not seeing malware as such, and Kaspersky also found nothing. It would appear the problem is unrelated to infection, and as such you might be better off asking at a general tech help forum, as we only specialize in malware here.

As I mentioned, you do have a ‘busy’ computer, and the problem could well stem from programs being incompatible with each other.

I would at this stage try what the Speedbit customer care advised, as you might have uninstalled incorrectly the first time.

Re: Malware Speedbit Video Accelerator

Post by bernibabe » October 28th, 2010, 3:17 pm

Hi,
Many thanks for all your help. There are 2 items of news.
1. Clear Cloud DNS replied to my report on OTM, and will unblock it at a future update, as a "false positive".
2. I downloaded a freeware program called "Hazard Shield" which allowed me to find and remove the remaining files of SBVA.
Should any problem show up in the future I will then reinstall and uninstall the offender.

Again many thanks for your time.
Bernibabe.