## Topic posted for EffingCow

### Re: Topic posted for EffingCow

There were a bunch of them 2 days ago, but I deleted them, then I scanned again yesterday, and I got 2 more: mbfbokgu.dll.vir and owqtbw.dll.vir
effingcow
### Re: Topic posted for EffingCow

Oh...

They are quarantined by ComboFix already. Not an issue. They can be left alone. We will remove them later.

Any other issues?
ndmmxiaomayi
### Re: Topic posted for EffingCow

Just a really slow computer that freezes a lot. Does this mean I can go on my bank website now safely? You didn't give me any homework, what should I do now?
effingcow
### Re: Topic posted for EffingCow

For safety reasons, I suggest that you use another computer to access your bank accounts.

As for a slow computer, there are a number of items that I can disable for you to see if it helps improve your computer's performance.

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

Do you use IBM's Presentation Director? A description is here - http://www.systemlookup.com/Startup/132 ... P_exe.html

If no, it can be disabled.

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

This is Thinkpad's Power Manager. Do you use any custom power settings? Based on some users' feedback, this could cause computers to slow down. If you are using custom settings, you may want to re-install Power Manager.

O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog

This measures your battery changes, like how much more is needed to get the battery fully charged, how much is being used, etc. If your laptop is always connected to your power adapter, this could be disabled since you would have no need to view how much battery power is left.

However, if you are always on the go, and need to find out how much battery power is left, leaving this alone would be the best.

http://www.systemlookup.com/Startup/173 ... ttLog.html

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

This is your touchpad tray icon (near the clock). If you use the advanced features of your touchpad, this would need to be enabled. Otherwise, it can be disabled safely.

http://www.systemlookup.com/Startup/122 ... h_exe.html

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

Depending on the model of your Thinkpad, pressing one key will let you change the volume or open the help file. If you don't think you need to change the volume or read the help file, it can be disabled safely.

http://www.systemlookup.com/Startup/132 ... R_EXE.html

Not needed since you can access it via Start Menu, but if you prefer convenience, we can leave this alone.

http://www.systemlookup.com/Startup/353 ... p_exe.html

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

Required for the various sound settings, such as the sound effects. If you don't use them, it can be disabled safely.

http://www.systemlookup.com/Startup/114 ... P_exe.html

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

Part of Thinkpad Productivity Centre. Helps you to enhance your Thinkpad. If you don't use this feature, we can disable it.

http://www.systemlookup.com/Startup/119 ... h_EXE.html

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

Related to Thinkpad Productivity Centre. Not really needed unless you use IBM Productivity Centre.

http://www.systemlookup.com/Startup/5608-LPMGR_exe.html

O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe

This is related to your Thinkpad's camera. Unless you use it, it can be safely disabled.

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

It's not needed as it tells your connection status.

http://www.systemlookup.com/Startup/394-ACTray_exe.html

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

Related to Thinkpad Connectivity Solutions. If you use them, it would be best to leave them enabled.

http://www.pc.ibm.com/us/think/thinkvan ... tions.html

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

Not really needed as it can be accessed via Control Panel. But if you prefer convenience, we can leave it alone.

http://www.systemlookup.com/Startup/455 ... y_exe.html

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

If your Thinkpad provides you with a hot key (some sort of shortcut key) to access Intel Graphics settings, this would be needed. If unsure, best to leave it enabled.

http://www.systemlookup.com/Startup/4221-hkcmd_exe.html

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

Doesn't appear that this is needed based on the description in the link given below. I think this can be safely disabled.

http://www.systemlookup.com/Startup/935 ... s_exe.html

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

This is to remind you to update HP software. Not needed. You can find it in your Start Menu.

http://www.systemlookup.com/Startup/426 ... 2_exe.html

This program can be hard to disable, but it's doable.

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

Unless you use an iPhone or iPod Touch, this program is again not needed for startup, but as per many Apple products, Apple makes it hard to disable it, but still doable.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

Not needed to run on startup as well, can be hard to disable, but doable.

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

If you don't use Windows gadgets, it can be safely disabled. They can usually be found on the right-hand side.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

Not needed on startup. You can manually run MSN Messenger (now known as Windows Live Messenger) via the Start Menu. However, if you prefer convenience, we can leave this running on startup.

Please let me know which programs you would like to disable at startup.
ndmmxiaomayi
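
An added example, not part of the original thread: a small parser for the HijackThis `O4` autostart lines walked through in the post above. It expands the abbreviated Run key and separates the file that is actually launched from its arguments, including the `rundll32` entries where the code that runs is the DLL. The function and field names are assumptions made for this illustration.

```python
import re

# Constructed sample: four O4 (autostart) lines copied from the post above.
SAMPLE = r'''O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
'''

# HijackThis prints HKLM\Software\Microsoft\Windows\CurrentVersion\Run as HKLM\..\Run.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
RUNDLL_RE = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+', re.I)
# A quoted path, or an unquoted one (which may contain spaces) up to its extension.
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)', re.I)

def parse_o4(line):
    """Parse one O4 line into a record, or return None for any other line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    hive, key, name, cmd = m.groups()
    host = RUNDLL_RE.match(cmd)
    if host:  # rundll32 is only the host process; the DLL after it is what runs
        cmd = cmd[host.end():]
    img = IMAGE_RE.match(cmd)
    if img:
        image, rest = img.group(1) or img.group(2), cmd[img.end():].strip()
    else:
        image, _, rest = cmd.partition(' ')
    export = None
    if host and rest.startswith(','):  # "file.dll,ExportName [args]"
        export, _, rest = rest[1:].partition(' ')
    return {
        'key': '\\'.join([hive, r'Software\Microsoft\Windows\CurrentVersion', key]),
        'name': name, 'image': image, 'args': rest,
        'via_rundll32': bool(host), 'export': export,
        # 8.3 short names (PROGRA~1) must be resolved on the host before comparing paths
        'short_path': '~' in image,
    }

def parse_log(text):
    return [e for e in map(parse_o4, text.splitlines()) if e]

if __name__ == '__main__':
    for e in parse_log(SAMPLE):
        print(e['key'], e['name'], e['image'], e['export'] or '', e['args'])
```
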
### Re: Topic posted for EffingCow

Hi!!

I'd like to disable the following:

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

If you can help me do that, I'd appreciate it!

thanks!
effingcow
### Re: Topic posted for EffingCow

Hi Amanda,

Right click on wpsetup.exe and select Run As Administrator to install it.

When done, open the program by double clicking on the dog icon near the clock.

Select the Startup Programs tab.

Select SynTPEnh and click on Disable.

Repeat for all these that you want to disable:

• EZEJMNAP
• AwaySch
• LPManager
• ACWLIcon
• IgfxTray
• HotKeysCmds
• Persistence
• HP Software Update
• AppleSyncNotifier
• iTunesHelper
• msnmsgr

Click Close when done.

When disabling some programs, WinPatrol may prompt you. Click Yes at the prompt.

ndmmxiaomayi
### Re: Topic posted for EffingCow

Hi Amanda,

How are things going?
ndmmxiaomayi
### Re: Topic posted for EffingCow

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Gary R

