Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Horrible lag, settings changed, help me!

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 4th, 2008, 10:43 am

Not at all, my friend. I truly appreciate all the help you have given me thus far.

Much obliged.

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 4th, 2008, 11:05 am

Ok, I'm working my way through your log. If in the meantime you can run this next log, as I want to get to this other infection also.

Step one: Download and Run FindAWF
Please download FindAWF and save it to your desktop.
  • Run FindAWF.exe
  • Press any key to get past the compiler message.
  • Type 1 in the options menu to Scan and press Enter.
  • Let the tool run.
  • The output is awf.txt, save the text file to your desktop.
  • Copy and paste the contents of the AWF.txt file in your next reply.

dan

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 4th, 2008, 11:32 am

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2008-07-05
The current time is: 8:30:12.75


bak folders found
~~~~~~~~~~~


Directory of C:\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LTMOH\BAK

2003-09-26 15:43 184,320 Ltmoh.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2004-05-07 12:11 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2003-03-31 05:00 13,312 ctfmon.exe
1 File(s) 13,312 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2004-03-09 21:10 335,872 atiptaxx.exe
1 File(s) 335,872 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

2004-01-22 17:08 495,616 SynTPEnh.exe
2004-01-22 17:09 98,304 SynTPLpr.exe
2 File(s) 593,920 bytes

Directory of C:\PROGRA~1\TOSHIBA\TO8D15~1\BAK

2004-03-02 13:45 135,168 SmoothView.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

2003-09-05 03:24 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~2\BAK

2004-04-30 16:42 430,080 thotkey.exe
1 File(s) 430,080 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK

2004-02-03 14:47 1,089,589 PadExe.exe
1 File(s) 1,089,589 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK

2003-10-20 08:39 159,744 pinger.exe
1 File(s) 159,744 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

184320 Sep 26 2003 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
77824 May 7 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
13312 Mar 31 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
335872 Mar 9 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
135168 Mar 2 2004 "C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe"
65536 Sep 5 2003 "C:\Program Files\Toshiba\TOSCDSPD\bak\toscdspd.exe"
430080 Apr 30 2004 "C:\Program Files\Toshiba\TOSHIBA Applet\bak\thotkey.exe"
1089589 Feb 3 2004 "C:\Program Files\Toshiba\Touch and Launch\bak\PadExe.exe"
159744 Oct 20 2003 "C:\Toshiba\IVP\ISM\bak\pinger.exe"


end of report

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 4th, 2008, 1:35 pm

Step Two: Run FindAWF
Run FindAWF.exe from your desktop.
  • Press any key to get past the compiler message.
  • Type 2 in the options menu to Restore and press Enter.
  • A text file called files.txt will be opened.
  • Copy the lines inside the code box below using Ctrl+C.
    "C:\Program Files\ltmoh\bak\Ltmoh.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\WINDOWS\system32\bak\ctfmon.exe"
    "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
    "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
    "C:\Toshiba\IVP\ISM\bak\pinger.exe"
    "C:\Program Files\Toshiba\Touch and Launch\bak\PadExe.exe"
    "C:\Program Files\Toshiba\TOSCDSPD\bak\toscdspd.exe"
    "C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe"
    "C:\Program Files\Toshiba\TOSHIBA Applet\bak\thotkey.exe"

  • In files.txt, click below the line and use Ctrl+V to paste the copied lines.
  • Close the Notepad file and click Yes to save the changes.
  • Let the tool run.
  • The output is awf.txt, save the text file to your desktop.
  • Copy and paste the contents of the AWF.txt file in your next reply.

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 4th, 2008, 10:23 pm

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2008-07-05
The current time is: 19:20:37.43


bak folders found
~~~~~~~~~~~


Directory of C:\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LTMOH\BAK

2003-09-26 15:43 184,320 Ltmoh.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2004-05-07 12:11 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2003-03-31 05:00 13,312 ctfmon.exe
1 File(s) 13,312 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2004-03-09 21:10 335,872 atiptaxx.exe
1 File(s) 335,872 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

2004-01-22 17:08 495,616 SynTPEnh.exe
2004-01-22 17:09 98,304 SynTPLpr.exe
2 File(s) 593,920 bytes

Directory of C:\PROGRA~1\TOSHIBA\TO8D15~1\BAK

2004-03-02 13:45 135,168 SmoothView.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

2003-09-05 03:24 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~2\BAK

2004-04-30 16:42 430,080 thotkey.exe
1 File(s) 430,080 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK

2004-02-03 14:47 1,089,589 PadExe.exe
1 File(s) 1,089,589 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK

2003-10-20 08:39 159,744 pinger.exe
1 File(s) 159,744 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

184320 Sep 26 2003 "C:\Program Files\ltmoh\Ltmoh.exe"
184320 Sep 26 2003 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
77824 May 7 2004 "C:\Program Files\QuickTime\qttask.exe"
77824 May 7 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
13312 Mar 31 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
335872 Mar 9 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 Mar 9 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
135168 Mar 2 2004 "C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe"
135168 Mar 2 2004 "C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe"
65536 Sep 5 2003 "C:\Program Files\Toshiba\TOSCDSPD\toscdspd.exe"
65536 Sep 5 2003 "C:\Program Files\Toshiba\TOSCDSPD\bak\toscdspd.exe"
430080 Apr 30 2004 "C:\Program Files\Toshiba\TOSHIBA Applet\thotkey.exe"
430080 Apr 30 2004 "C:\Program Files\Toshiba\TOSHIBA Applet\bak\thotkey.exe"
1089589 Feb 3 2004 "C:\Program Files\Toshiba\Touch and Launch\PadExe.exe"
1089589 Feb 3 2004 "C:\Program Files\Toshiba\Touch and Launch\bak\PadExe.exe"
159744 Oct 20 2003 "C:\Toshiba\IVP\ISM\pinger.exe"
159744 Oct 20 2003 "C:\Toshiba\IVP\ISM\bak\pinger.exe"


end of report
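
A check over the "Duplicate files of bak directory contents" section of the Option 2 report above, as an added example that is not part of the thread or of FindAWF. It assumes that a completed Restore leaves a same-named, same-size copy of each bak file in the parent folder; the sample lines are copied from that report.

```python
import ntpath
import re

# Sample input: lines taken from the Option 2 report's duplicate-files section.
REPORT = r'''
184320 Sep 26 2003 "C:\Program Files\ltmoh\Ltmoh.exe"
184320 Sep 26 2003 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
13312 Mar 31 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
495616 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98304 Jan 22 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
'''

# <size> <Mon D YYYY> "<quoted Windows path>"
LINE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

def parse_duplicates(text):
    """Return {case-normalised path: size in bytes} for every report line."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entries[ntpath.normcase(m.group(3))] = int(m.group(1))
    return entries

def check_restore(text):
    """Classify each bak copy by what sits in its parent folder."""
    entries = parse_duplicates(text)
    result = {}
    for path, size in entries.items():
        folder, name = ntpath.split(path)
        if ntpath.basename(folder) != "bak":
            continue                      # only bak copies are classified
        target = ntpath.join(ntpath.dirname(folder), name)
        if target not in entries:
            result[path] = "missing"        # nothing with that name in the parent
        elif entries[target] != size:
            result[path] = "size-mismatch"  # parent holds a different file
        else:
            result[path] = "restored"       # assumption: same size means restored
    return result

if __name__ == "__main__":
    for bak_path, status in check_restore(REPORT).items():
        print(f"{status:14} {bak_path}")
```

Matching sizes do not prove matching content; on the live system a hash comparison of the two files settles it.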

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 4th, 2008, 10:54 pm

Step Three: Run FindAWF
Run FindAWF.exe from your desktop.
  • Press any key to get past the compiler message.
  • Type 3 in the options menu to Remove and press Enter.
  • A text file called folders.txt will be opened.
  • Copy the lines inside the code box below using Ctrl+C.
    C:\Program Files\ltmoh\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\ATI Technologies\ATI Control Panel\bak
    C:\Program Files\Synaptics\SynTP\bak
    C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
    C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak
    C:\Program Files\Toshiba\TOSCDSPD\bak
    C:\Program Files\Toshiba\TOSHIBA Applet\bak
    C:\Program Files\Toshiba\Touch and Launch\bak
    C:\Toshiba\IVP\ISM\bak

  • In folders.txt, click below the line and use Ctrl+V to paste the copied lines.
  • Close the Notepad file and click Yes to save the changes.
  • Let the tool run.
  • The output is awf.txt, save the text file to your desktop.
  • Copy and paste the contents of the AWF.txt file in your next reply.

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 4th, 2008, 11:02 pm

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2008-07-05
The current time is: 20:01:40.25


bak folders found
~~~~~~~~~~~


Directory of C:\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2003-03-31 05:00 13,312 ctfmon.exe
1 File(s) 13,312 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
13312 Mar 31 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"


end of report

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 4th, 2008, 11:14 pm

Hi, we need to run one of the steps again. This fix will take several posts as you have multiple infections. We're nearly through the first, then we will move on to the main infection. You're doing fine, and with your regular posts we're able to get on top of things. :)

Run FindAWF.exe from your desktop.
  • Press any key to get past the compiler message.
  • Type 2 in the options menu to Restore and press Enter.
  • A text file called files.txt will be opened.
  • Copy the lines inside the code box below using Ctrl+C.
    "C:\WINDOWS\system32\bak\ctfmon.exe"

  • In files.txt, click below the line and use Ctrl+V to paste the copied lines.
  • Close the Notepad file and click Yes to save the changes.
  • Let the tool run.
  • The output is awf.txt, save the text file to your desktop.
  • Copy and paste the contents of the AWF.txt file in your next reply.

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 4th, 2008, 11:25 pm

thank you again, so very much.



Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2008-07-05
The current time is: 20:24:13.14


bak folders found
~~~~~~~~~~~


Directory of C:\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2003-03-31 05:00 13,312 ctfmon.exe
1 File(s) 13,312 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
13312 Mar 31 2003 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe"


end of report

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 5th, 2008, 12:24 am

Before I go any further I need to check a few things out regarding one of the files.
I will check back in with you later.
dan :)

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 5th, 2008, 1:36 am

alrighty, thanks.

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 5th, 2008, 5:32 am

Sorry to keep you :) got that cleared up.

Step Four
Run FindAWF.exe from your desktop.
  • Press any key to get past the compiler message.
  • Type 4 in the options menu to Reset Domain Zones and press Enter.
  • Let the tool run.
  • The tool sends you back to the options menu.
  • Type E in the menu to Exit and press Enter.
Note: You will have to re-immunize with SpywareBlaster, IE-SPYAD, and/or Spybot - Search & Destroy after doing this, if you're running with these programs.

let me know when done!

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 5th, 2008, 1:39 pm

how we doing?

Re: Horrible lag, settings changed, help me!

Unread postby 62chevy » July 5th, 2008, 2:10 pm

done

Re: Horrible lag, settings changed, help me!

Unread postby dan12 » July 5th, 2008, 2:19 pm

Delete programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). It could be that they have a space or something between it, but it has to look like it:

  • FBrowsingAdvisor
  • AWS
  • Viewpoint Media Player
  • WeatherBug
  • ShopperReports

Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

___________



1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll
C:\WINDOWS\system32\drivers\evolusb.sy
E:\maple story\npkycryp.sy
C:\windows\system32\rwwnw64d.exe
C:\WINDOWS\system32\sgeqbfmj.dll
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\vbzip10.dll
C:\regxpcom.exe
C:\WINDOWS\system32\xdulewds.VIR
C:\WINDOWS\VVNFUg\pphIo0.vbs
Folder::
C:\Program Files\BoontyGames
C:\Program Files\Starware408
C:\Documents and Settings\All Users\Application Data\Avira
C:\Documents and Settings\ShoppingReport
C:\Documents and Settings\report
C:\WINDOWS\VVNFUg
C:\WINDOWS\system32\xsir
C:\WINDOWS\system32\vec3
C:\WINDOWS\system32\mp
C:\WINDOWS\system32\modtrux18
C:\WINDOWS\system32\bam
C:\TEMP\syschk3
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{31-1A-A4-4C-DW}"=-
"d0531ae3"=-
Driver::
S3 EVOLUSB  
S3 npkycryp  


    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post the log and a fresh HJT log

dan