here is my log from high jack this

[cauzomb]

OK I have tried revo-uninstaller myself and have a general idea of how to use it.. I'm going to try it in safe mode to see if that will work, be back in a minute or two.

[keper]

thanks i install revo and took a quick look utube at review intersting keper

[cauzomb]

OK, revo-uninstaller does work in safe mode so here we go.. You may want to print or copy this information down for use later..

Once you have downloaded and installed revo-uninstaller, disconnect your computer from the internet, physically unplug, or turn off your wireless router if you have wireless connection.

Then restart your computer in SAFE MODE> to boot your computer in safe mode, restart the computer, when the screen goes from black, to showing detecting hardware, "this is the bios post screen" when you see dececting hard drives, start tapping the F8 key about twice a second, untill you get a windows boot menu that lists safe mode.. don't tap it too fast or you will get a keyboard stuck error.

If you have to select which opperating system after selecting safe mode, select windows xp and press enter.

Log into your computer as administrator, then run revo-uninstaller.

revo-uninstaller is pretty straight forward, a window pops up and lists icons of all the applications that are installed on the computer.. Find the one that says "full speed" then right click on it and select uninstal..



Another window will pop up that says are you sure that you want to uninstall this application.. two options, yes/no click yes.

From there you will have to select an uninstall mode.. Use the one that says "safe"
let the opperation complete, it will prompt you for input, on various options, you want to select yes, next, when it comes up with the box that says the program/application was removed but could not find any left over files, click back to scan for more etc.. Click the back button, then select the "advanced mode" click next, when it finishes scanning it should show you a box that says show the results.. From there it should display a cascading directory tree of items listed in the registry.. From there, maximize all the boxes by the plus sign, then look for anything named "full speed" or "tcp2.exe" at the end of each maximized branch... If you find those names in the revo-uninstaller window/tree thing.. Put a check mark on the last entry of the braches that contain that file name or program name "full speed or tcp2.exe, then click delete..

In the image below is an example of what it should look like, except mine is showing nlite, rather than "tcp2.exe" and "full speed".. If you have any doubts or concerns about other items in there, don't click a check mark on them.. This program is fairly thurough, and should take care of the application, even without doing the extra cleanup option. Once the application isn't showing up in your add-remove programs menu in normal boot mode, you are good to go for the next cleaning steps in our sticky..

[keper]

Hi Cauzome I have a problem as in my first post Ive already tried to delete fullspeed from the very first. There is no icon for me to click on for revo .If this is to much of a pain I will deal with it myself by throwing my computer out the back door. Thanks keper

[cauzomb]

Wwell that is an option not the best option though.. And speaking of that, I still would like to know the details about your computer:
with windows xp sp3
We an help you tune it up all around, with more information..
what brand of computer? what is the model number?

"right click on my computer, select "properties" it shows how many mhz and gigabytes

What CPU speed? hopefully it's 1.8 to 2.4 ish, or better.
How much system ram? windows xp likes 1GB to 3GB.. 512MB isn't enough.

How much of the windows hard drive is free space.. ~right click on C: then select properties, note; how much used/free GB you need alot of free GB for windows xp virtual memory..

Back on track..

I didn't know that you tried to remove full speed already... For you to get rid of it's problems, "I know they are still on your computer now, because they made the program a certain way, if you uninstall it/delete it, it leaves stuff that still does work.. that is why it comes up as malware..

Fortunatly, it's still easy to get rid of, after trying to delete it.. You have to re-install full speed, then use revo-uninstaller to remove it the way I described above from safe mode.

When you find a branch in the advanced mode that lists the program name "full speed" or the file name tcp2.exe, you put a check mark in the box of the first lower branch that has the name on it, any branches that come OUT/DOWN from/off of the branch that contains the malware title/file name are OK to remove, but not the branches above it..... you look at each MAIN branch that is listed, with a plus sign.. work your way down each main branch untill you find the first lower branch that has the name of those two things IN it.. as in my photo, buit tcp2.exe or full speed.. this will get rid of full speed as good as anyone could remove it manually, but much easier since the application finds all the parts for you..

[keper]

Hi Cauzomb I was just joking about throwing thecomputer out the window . We didn`t win the lottery. Here is my info on my computer Intel R Celeron (R) CPU 2.40 ghz 2.4 Ghz, .99gb of ram .Thanks by the way Do I need to install fullspeed or just download the application.

[keper]

ran revo full speed gone . good work i just run hjt here is a log 04 bsf.exe is new.but not sure ,but i think it is a virues .thanks keperLogfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:20:05 PM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [bsf] "bsf.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1262390586982
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 7094 bytes

[jholland1964]

You said earlier that you ran MBA-M in safe mode and it said things were clean. MBA-M is not set up to be run in safe mode UNLESS it cannot be run in normal mode. It does not scan all files in safe mode.
Please update the program and run a FULL Scan in normal mode.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT the Computer-VERY IMPORTANT

Post back here with that full MBA-M log.

[cauzomb]

Sorry I was out looking for birds. Regarding the full speed thing, hopefully you read my suggestion about re-installing "full speed" then using revo-uninstaller to get rid of it, as it needs to be installed on the computer in order for revo-uninstaller to detect itand it's file associations/registry locations.

bsf.exe is probly an infected file. As of august 7th, 2010, MBAM did not detect it, but that my have changed in a new update as they had the file submitted to them since then.. Do that full update mbam, as Judy has suggested. we will see if it shows up in the mbam log or not.

[keper]

Hi Cauzomb I installed fullspeed and used revo to uninstall it the right way. After uninstalling fullspeed with revo .I scanned with highjack this and notice something different in the registry that was not there in previous logs or at least I did not notice. It is 04-bsf.exe Thanks Keper